How about adding a new header field in debian/copyright (https://dep-team.pages.debian.net/deps/dep5/) called something like "Reviews" which would be a list of URLs pointing to whatever public system was used to record a review?
Then whoever reviews the debian/copyright file has easy access to reviews the package maintainer recorded there.
