[ Reason ]
Hi! Upstream has provided an advisory:
https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v
While this could be handled by a security patch, due to the complexity
of upstream's recommended solution (involving patches to
'tkey-ssh-agent' too) and low impact, it was suggested on
#debian-security to use the proposed-updates mechanism instead to just
update both packages to the latest upstream version.
I'm attaching the debdiff between 1.2.0 and 1.3.0 and I suggest
something similar could be uploaded to trixie-proposed-updates.
What do you think? Is this an acceptable way to resolve this?
If so I can prepare a similar debdiff bug report for 'tkey-ssh-agent'
for your additional review. These two would have to go together.
[ Impact ]
If this isn't adopted, one out of 256 users who provide a USS secret
will not actually make use of the USS, thus possibly lowering their
perceived security.
[ Tests ]
These are upstream patches, so presumably well tested.
[ Risks ]
There is always a risk upstream's patches are buggy and cause unrelated
problems.
[ Checklist ]
[ ] *all* changes are documented in the d/changelog
[ ] I reviewed all changes and I approve them
[ ] attach debdiff against the package in (old)stable
[ ] the issue is verified as fixed in unstable
[ Changes ]
(Explain *all* the changes)
[ Other info ]
(Anything else the release team should know.)