It's all very confusing.
Since Whonix forces everything over Tor, and .onions will be the default for apt upgrades in Whonix 14, why is this even needed?
I gather the apt-transport-tor enforces updates over Tor, or not at all - so this can kind of act as a failsafe.
But then your ticket indicates you have to worry about Tor over Tor (hence why Acquire:BlockDotOnion is false) and making sure anon-ws-disable-stacked-tor is in effect for the Workstation (and Gateway?) template.
Seems a lot of work for little benefit?