Update qrexec keyword characters

user/common-tasks/copy-paste.md

@@ -62,8 +62,8 @@ You may wish to configure this policy in order to prevent user error.
 For example, if you are certain that you never wish to paste *into* your "vault" AppVM (and it is highly recommended that you do not), then you should edit the policy as follows:
 
 ~~~
-$anyvm  vault   deny
-$anyvm  $anyvm  ask
+@anyvm  vault   deny
+@anyvm  @anyvm  ask
 ~~~
 
 Shortcut Configuration

user/common-tasks/disposablevm.md

@@ -123,7 +123,7 @@ Sometimes it can be useful to start an arbitrary program in a DisposableVM.
 This can be done from an AppVM by running
 
 ~~~
-[user@vault ~]$ qvm-run '$dispvm' xterm
+[user@vault ~]$ qvm-run '@dispvm' xterm
 ~~~
 
 The created DisposableVM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`.

user/common-tasks/software-update-vm.md

@@ -218,12 +218,12 @@ This new design allows for templates to be updated even when they are not connec
 Example policy file in R4.0 (with whonix installed, but not set as default updatevm for all templates):
 ```
 # any VM with tag `whonix-updatevm` should use `sys-whonix`; this tag is added to `whonix-gw` and `whonix-ws` during installation and is preserved during template clone
-$tag:whonix-updatevm $default allow,target=sys-whonix
-$tag:whonix-updatevm $anyvm deny
+@tag:whonix-updatevm @default allow,target=sys-whonix
+@tag:whonix-updatevm @anyvm deny
 
 # other templates use sys-net
-$type:TemplateVM $default allow,target=sys-net
-$anyvm $anyvm deny
+@type:TemplateVM @default allow,target=sys-net
+@anyvm @anyvm deny
 ```
 
 Note on treating AppVM's root filesystem non-persistence as a security feature