upgrades: Allow packages to be upgraded from stable-updates

Closes: #2512.

- Newer versions of packages such as tzdata are uploaded to
bookworm-updates (first?). However, unattended-upgrades is not configured to get
package updates from bookworm-updates even though it is configured in
/etc/apt/sources.list. So, manually installation will work but not
unattended-upgrades. Fix this by explicitly allowing bookworm-updates in
FreedomBox configuration modifications for unattended-upgrades.

Tests:

- Start a bookworm VM. tzdata package is at version 2025a-0+deb12u1. Latest
version available in bookworm-updates is 2025b-0+deb12u1. Running
'unattended-upgrades -d' on command line does not upgrade the package with that
patches.

- Apply patches, run 'sudo make build install' and rerun unattended-upgrades.
tzdata package upgrades to latest version.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

plinth/modules/upgrades/data/usr/share/freedombox/etc/apt/apt.conf.d/60unattended-upgrades

@@ -12,6 +12,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "true";
 // ignored. Only packages that have higher priority set explicitly will get
 // upgraded. Only selected FreedomBox packages have high priority set on them.
 Unattended-Upgrade::Origins-Pattern {
+        "origin=Debian,codename=${distro_codename}-updates";
         "o=Debian Backports,n=${distro_codename}-backports,l=Debian Backports";
 };