Log message:
mk: Introduce and use MASTER_SITE_GNUPG

Various packages around the tree use a different variant
of MASTER_SITES to access various GnuPG mirrors, let's just
centralize them in one locaiton.

While here, fix some lint warnings.

Log message:
gnupg2: updated to 2.4.7

Noteworthy changes in version 2.4.7 (2024-11-25)

* gpg: Allow the use of an ADSK subkey as ADSK subkey.
* gpg: Avoid a failure exit code for expired ultimately trusted
  keys.
* gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.
* gpg: Retain binary representation for import->export with Ed25519
  key signatures.
* gpgsm: Improvement for some rare P12 files.
* scd: More mitigations against lock ups with multiple cards or
  apps.
* gpgtar: Fix directory creation during extraction.
* gpg-mail-tube: Minor fixes.
* gpgconf: Add list flag to trusted-key et al.
* Fix a build problem on macOS (missing unistd.h).

Log message:
*: recursive bump for icu 76 shlib major version bump

Log message:
gnupg2: Disable installation of HTML man pages

pkgsrc cannot handle normalizing the paths.

Log message:
*: revbump for icu downgrade

Log message:
*: recursive bump for icu 76.1 shlib bump

Log message:
security/gnupg2: Update to 2.4.6

* Update MASTER_SITES.
* Mark MAKE_JOBS_SAFE=no because yat2m-stamp target in doc directory fails.
* Handle --enable-gpg-is-gpg2 case for man pages.

Changelog:
Noteworthy changes in version 2.4.6
===================================

  * gpg: New command --quick-set-ownertrust.  [rG967678d972]

  * gpg: Indicate disabled keys in key listings and add list option
    "show-ownertrust".  [rG2a0a706eb2]

  * gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB
    tag.  [T7042]

  * gpg: Do not allow to accidently set the RENC usage.  [T7072]

  * gpg: Accept armored files without CRC24 checksum.  [T7071]

  * gpg: New --import-option "only-pubkeys".  [T7146]

  * gpg: Repurpose the AKL mechanism "ldap" to work like the keyserver
    mechnism but only for LDAP keyservers.  [rG6551281ca3]

  * gpg: ADSKs are now configurable for new keys.  [T6882]

  * gpg: New option --proc-all-sigs.  [T7261]

  * gpg: Fix a wrong decryption failed status for signed and OCB
    encrypted messages without a signature verification key.  [T7042]

  * gpg: Make --no-literal work again for -c and --store.  [T5852]

  * gpg: Fix getting key by IPGP.  [T7288]

  * gpg: Validate the trustdb after the import of a trusted key.
    [T7200]

  * gpg: Exclude expired trusted keys from the key validation process.
    [T7200]

  * gpgsm: New option --assert-signer.  [T7286]

  * gpgsm: Emit user IDs with an empty Subject also in colon mode.
    [T7171]

  * keyboxd: Fix a race condition on the database handle.  [T7294]

  * agent: Consider an empty pattern file as valid.  [rGc27534de95]

  * agent: Fix error handling of READKEY.  [T6012]

  * agent: Avoid random errors when storing key in ephemeral mode.
    [T7129, rG19d93a239d]

  * agent: Make "SCD DEVINFO --watch" more robust.  [T7151]

  * agent: Fix detection of the yet unused trustflag de-vs.  [T5079]

  * scd: Improve KDF data object handling for OpenPGP cards.  [T7058]

  * scd: Avoid buffer overrun with more than 16 PC/SC readers.
    [T7129, rG524e3a9345]

  * scd: Fix how the scdaemon on its pipe connection finishes.
    [T7160]

  * gpgconf: Check readability of some files with -X and change its
    output format.  [rG759adb2493]

  * gpg-mail-tube: New tool to apply PGP/MIME encryption to a mail.
    [rGa564a9f66c]

  * Fix a race condition in creating the socket directory.  [T7332]

  * Fix some uninitialized variables and double frees in error code
    paths.  [T7129]

Log message:
*: Recursive revbump from security/libassuan2

Log message:
revbump after icu and protobuf updates

Log message:
*: recursive bump for gnutls p11-kit option

(existing installations need the bl3.mk included, but it's now only
optionally included)