Please DONT do this.
The whole point in the move from apt-key is that repositories should be
validated by individual keys. Putting the key in to /etc/apt/trusted.gpg.d
undermines this.
It runs counter to the Debian way. AND it runs against Kali advice
itself. Look at this blog entry from earlier in the year-
You’ll see that the Kali advice is that the signing key should be placed
in /usr/share/keyrings.
Do the right thing: put the key in /usr/share/keyrings, and reference
it in the repo definition using signed-by .
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.