I've never used triggers, but it's most interesting. I see a potential issue here.
    # Reset back to Whonix defaults
    interest-noawait /etc/resolv.conf
    interest-noawait /etc/hosts
    interest-noawait /etc/hostname
I think you might want to use /etc/resolv.conf.anondist instead. Because the file known to dpkg is
Moving /etc/resolv.conf out of the way and the symlink magic is done by config-package-dev. And I suppose that dpkg uses triggers on files it knows to manage. Probably not on dpkg-diverted files. But I might be wrong about this. I advise you to actually test this if you want to make sure this really works.