Support an administratively writeable keyring location for the system bootstrap task

The SystemBootstrapRepositoryKeyring model is used to describe a keyring location and presently allows for general http URLs as well as file:// URLs provided they start with /usr/share/keyrings. It generally is a bad idea to write to that location without a binary package. This leaves a local admin with little choice to place keyrings but on http. The restriction on filenames generally makes sense, but would it be possible to add another location that is more ok to write to as site-local modification? A possible location could be /usr/local/share/keyrings, but making this somehow site-configurable would also work.