Verify upstream signature
    
    Upstream provides GPG signatures for releases.  Verify them in %prep.
    This is particularly helpful because upstream does not provide the
    releases via https.
    
    The signing key was downloaded from the keyserver network and then
    exported in a minimal format using the following commands:
    
      fpr=910846ADEE4C5D67C19B3E6F0A24C05998BA4133
      gpg --recv-keys $fpr
      gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
    
    The resulting key file matches what was added to the Debian munin
    package by upstream contributor Lars Kruse, as found here:
    
      https://salsa.debian.org/debian/munin/-/blob/debian/debian/upstream/signing-key.asc
    
    While in the area, align the indentation of the recently added make BR.