Personally, most projects outside the kernel are not really a priority for monitoring. The packaging ecosystem has always been a bit messy, but I would recommend sending the Debian and or Canonical admins a request to revoke the developer signing key to purge the problem/abandoned firejail application package moving forwards.
Perhaps firejail is dead? There's been no releases in 18 months.