Infra mirrors get their indices rebuilt to avoid broken
indices (due to partial update).
Unfortunately, this wipes out the cryptographic signatures.
Our approach so far was disabling apt security features globally.
However, this is not a valid choice for external repos.
It hid an issue we introduced with new RabbitMQ repos missing
proper keys installed in the image.
This caused permanent failures outside of our CI.
Our process should be as close as possible to users' experience.
This patch makes CI trust only the mirrors that have their indices
rebuilt (so infra mirrors).
(cherry picked from commit