Verify upstream signature
Upstream provides GPG signatures for releases. Verify them in %prep.
This is particularly helpful because upstream does not provide the
releases via https.
The signing key was downloaded from the keyserver network and then
exported in a minimal format using the following commands:
fpr=910846ADEE4C5D67C19B3E6F0A24C05998BA4133
gpg --recv-keys $fpr
gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
The resulting key file matches what was added to the Debian munin
package by upstream contributor Lars Kruse, as found here:
https://salsa.debian.org/debian/munin/-/blob/debian/debian/upstream/signing-key.asc
While in the area, align the indentation of the recently added make BR.