Bug#1112193: Apt manual install overridden during remove
Package: apt
Version: 2.6.1
Severity: important
X-Debbugs-Cc: cmahnke@gmail.com
Dear Maintainer,
there is a critical error in `apt`: It's possible that packages marked as
`manual` get removed during uninstall of other packages.
To reproduce:
```
docker run -it debian:bookworm
apt-get update
apt-get install podman
apt-get install -y reprepro dpkg-dev tree gpg
apt-get remove -y reprepro dpkg-dev tree gpg
```
BTW, even if the cause is wrong metadata for one of the packages above,
this is a bug in the package manager, since metadata should not be able
to override any user requests. This is a potential denial of service
attack vector.
-- System Information:
Debian Release: 12.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),
(500, 'oldstable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.6.96-0-virt (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages apt depends on:
ii adduser 3.134
ii debian-archive-keyring 2023.3+deb12u2
ii gpgv 2.2.40-1.1
ii libapt-pkg6.0 2.6.1
ii libc6 2.36-9+deb12u10
ii libgcc-s1 12.2.0-14+deb12u1
ii libgnutls30 3.7.9-2+deb12u5
ii libseccomp2 2.5.4-1+deb12u1
ii libstdc++6 12.2.0-14+deb12u1
ii libsystemd0 252.38-1~deb12u1
Versions of packages apt recommends:
ii ca-certificates 20230311+deb12u1
Versions of packages apt suggests:
pn apt-doc <none>
pn aptitude | synaptic | wajig <none>
pn dpkg-dev <none>
pn gnupg | gnupg2 | gnupg1 <none>
pn powermgmt-base <none>
-- no debconf information
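A pre-flight check for the situation reported above, as an added example that is not part of the original report or of apt itself: it compares the `Remv`/`Purg` lines of a simulated removal (`apt-get -s remove ...`) with the output of `apt-mark showmanual` and lists manually marked packages that would be removed without having been named on the command line. The function names, file names, the package names `manual-pkg-example` and `other-manual-example`, and the version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag manually marked packages that a removal would take
# out as a side effect. Real use (file names are arbitrary):
#   apt-get -s remove reprepro dpkg-dev tree gpg > sim.txt
#   apt-mark showmanual > manual.txt
#   manual_at_risk sim.txt manual.txt reprepro dpkg-dev tree gpg

# manual_at_risk SIM_FILE MANUAL_FILE REQUESTED_PKG...
# Prints every package that appears in a "Remv"/"Purg" simulation line,
# is listed in MANUAL_FILE, and was not requested on the command line.
# Package names are compared exactly as the two tools print them.
manual_at_risk() {
    sim_file=$1; manual_file=$2; shift 2
    requested=$(printf '%s\n' "$@")
    awk '$1 == "Remv" || $1 == "Purg" { print $2 }' "$sim_file" | sort -u |
    while IFS= read -r pkg; do
        # Packages the user asked to remove are expected to go away.
        if printf '%s\n' "$requested" | grep -qxF -- "$pkg"; then
            continue
        fi
        # Anything else that is marked manual is an unrequested removal.
        if grep -qxF -- "$pkg" "$manual_file"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# demo: run the check on constructed sample data (not captured from a
# real system; package "manual-pkg-example" and versions are made up).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sim.txt" <<'EOF'
Reading package lists...
The following packages will be REMOVED:
  dpkg-dev gpg manual-pkg-example reprepro tree
Remv dpkg-dev [0.0-constructed]
Remv gpg [0.0-constructed]
Remv manual-pkg-example [0.0-constructed]
Remv reprepro [0.0-constructed]
Remv tree [0.0-constructed]
EOF
    printf '%s\n' dpkg-dev gpg manual-pkg-example other-manual-example \
        reprepro tree > "$dir/manual.txt"
    manual_at_risk "$dir/sim.txt" "$dir/manual.txt" reprepro dpkg-dev tree gpg
    rm -rf "$dir"
}
```

An empty result means no manually marked package outside the requested set is scheduled for removal; in automation, a non-empty result can be used to stop before running the real `apt-get remove -y`.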