Figure out a lifecycle strategy for deb publishing

[phlax]

atm once something gets published in the apt repository it will stay there

this means that unsupported and potentially vulnerable versions of envoy will continue to be published

we probably either want to stop publishing them and remove or at least push unsupported versions into a separated apt repo or mark them with separate components

this is a follow up of conversation here envoyproxy/envoy#16867