Add apt signing keys to debian, the right way
There are many guides out there on how to add a key to Debian apt trusted signing keys. All of them either use the now deprecated apt-key, or simply dump the keys in /etc/apt/trusted.gpg.d. Both of these allow for any package to be trusted if it is signed by any keys!
The now preferred alternative is to add them to /usr/share/keyrings and then dictate which key is used to signed each of the added repositories.
Examples: