Luckily for you, upstream has already fixed this issue in the master Git branch; I've linked the pull request above.
I've looked at that pull request, it doesn't seem relavent, seems to relate to building the embedded copy of mbedtls, while the debian package is patched to use system mbedtls.
I looked at what was actually failing and noticed that the Debian package currently ships a patch to build against system psa-crypto instead of the embedded copy. I was able to tweak that patch to build with the new version of mbedtls, but in doing so broke the build with the old mbedtls, as such I have uploaded it to experimental for now.
