gpg upstream committed "gpgv: Tweak default options for extra
security." applied on the 1.x and 2.x branches:
This commit includes "[…], but we should validate the key by its self
signature for primary key, and back signature for subkey."
Our testkeys are old and do not really considered best practices in the
last years, so their most recent self-signature is SHA1-only which with
this gpg commit and our testcases defaulting to --weak-digest sha1 are
So what we do here is just applying some of the recent best practices on
top of our testcase keys.