use %{gpgverify} macro to verify tarball signature
The macro is now available for all supported Fedora and EPEL releases.
(It is presumed that EL-9 will include %{gpgverify} as it will be
branched from F-34. If that turns out to be false, we will adjust
later.)
The Packaging Guidelines require the use of the %{gpgverify} macro:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures