If for example a repository key is expired, this should not
block the whole processing, except when the package state is
"latest".

To achieve this, before installing package, we always try to
update apt cache in a separate step for which we tolerate
errors and in a second step we only install the package without
updating cache - unless the package state is latest.

The idea is when we want to install the latest package, it's a
problem if we can't update cache before, but when we just want
the package to be present, errors during apt update should are
not a problem.

Only debian was adjusted with this logic.