Only revoke weak RSA keys now, add 'next' and 'future' levels

This implements a couple of bits:

1. Adding an audit level to the download methods so they can issue audit messages
2. Introducing a LaterWorthless level that is like SoonWorthless but issues audit messages
3. A new function with test cases that checks a public key string against an assertion list
4. New future and next levels that issue audit or warning levels for keys not allowed in them.

This allows us to revoke <rsa2048 now, have warnings for uncommon keys like Brainpool, and issue only audit messages for NIST keys (and RSA3072).

Fixes: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2073126