Ensure we don't install unwanted packages even if they become "Priority: standard" again
commit:368b038b1ef887d2a85a7b2a1504ef6163d4c169, commit:4685644525247a16840b5e52ff43372dfdf5a084 could lead to these packages being installed again, e.g. in case of override discrepancy between the Debian security archive and the regular Debian archive. This has bitten us a few times in the past, e.g. with exim and mutt. So instead of simply doing what these commits do, we should do the same thing as for procmail and mutt (when the package name is a fixed string) or for geoclue (when we need a regexp).
And while we’re at it, mostly off-topic here but batching these two tasks together will save us time: let’s ensure we never ship