Dpkg::Source::Package::V1: Allow detached upstream orig tarball signatures

Upstream orig tarballs usually come with detached signatures, which would
be useful to have in the source package, as an additional check that could
be performed to verify its integrity and provenance.

Fixes: #759478
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>