Address review feedback

- Fail faster when upgrading apt.
- Provide a more descriptive message if apt traffic is redirected.

install_files/ansible-base/roles/install-fpf-repo/tasks/upgrade_apt.yml

@@ -3,14 +3,22 @@
 # If apt < 1.4.9, it is vulnerable to CVE-2019-3462 and we must ensure no
 # redirects are followed when updating apt via apt.
 - name: Upgrade apt without following redirects
-  shell : |
-    apt -o Acquire::http::AllowRedirect=false update
+  shell : >
+    apt -o Acquire::http::AllowRedirect=false update && \
     apt -o Acquire::http::AllowRedirect=false --only-upgrade -y install apt
   become: yes
   register: _apt_upgrade_command_output_results
   changed_when: "'1 upgraded, 0 newly installed, 0 to remove' in _apt_upgrade_command_output_results.stdout"
   tags: apt
 
+- name: Inform user that apt traffic is being redirected
+  assert:
+    that:
+      - "'302 Found' not in _apt_upgrade_command_output_results.stdout"
+      - "'302 Found' not in _apt_upgrade_command_output_results.stderr"
+
+    fail_msg: "It appears your apt traffic is being redirected, SecureDrop cannot be installed. See issue #4058 for details"
+
 - name: Get apt version
   shell: dpkg-query --showformat='${Version}' --show apt
   register: _apt_query_command_output_result