style: rc.subr uses "[ ... ] && " instead of "test ... &&".
Other places below are similar.

style: rc.subr uses "if [ ... ]" instead of "if test ...".

style (entire patch): rc.subr uses "for ...; do". The same for "while ... ; do".

something missing (return?) after && or line continuation (= missing indent) and line continuation character missing.

for better readability: actions in case statemements should be line seperated, not semicolon seperated, and the end of each case should be on its own line too, e.g.
---snip---
--arg)

_arg="$s"
shift 2
;;

---snip---

Same as above, and additionally missing indent for the case.

Shouldn't this be "$_dot" instad of "vdot"?

There is no need to escape newline after && etc, the shell knows that more is needed, thus the sed command is only done if $cf is non-empty

No, $_dot is only used in load_rc_config so caller can control which of dot, sdot or vdot should be used.
Here we want vdot - we want to be sure rc.subr.local has not been tampered with.

So only a style remark: indent missing for the continuation. And just noticing, I think we have switched to use $( ...) for subshells.

In that case I suggest to add a comment to this effect.

Sorry? where is indent missing?

Sure, and thanks for the feeback btw

The case statement below with only one case. But as you don't indent each case but have it on the same height than the case keyword, you can forget my comment (personally I don't care which of both stales are used, and I failed to check which style is used in rc.subr before now...). You can mark this as done.

Would this be better named local.rc.subr ?

Maybe this should be debug.subr?

Did you mean to include this?

Copyright placement is non-standard.
Also, the license isn't any of the standard ones. Maybe ISC license would be closest?

This may just be my preference, but , is a very visually indistinct mark. I prefer / typically for this.

why is local hard coded to be trusted?

not a problem, per-se, but some routines have long args, others don't. any reason?

How do you prevent un-trusted files from bringing in other files with a bare dot?

It is a standalone facility for debugging complicated shell scripts, is existed in much this form for about 30 years, I'd rather leave it alone.

I can leave it out of this patch - the no-op Debug{On,Off} at the end of rc.subr ensure no harm.

But I figured others could make use of it.

True, as noted this thing has been around like this for a long time,
I've no objection to adding an

SPDX-License-Identifier: BSD-2-Clause

which is morally equivalent.

Sure

Excellent question - part of the discussion I wanted to have on this ;-)
I'd prefer to apply the same verify requirement.

The long args to run_rc_scripts are an aid to understanding,
these can also be made long (--verify and --safe ?)

You cannot, that's the whole point of allowing -v etc.
Eg. I have an rc.d/audit which uses -v to ensure only a trusted config can be used. We turn on -o verify to help prevent a trusted file accidentally reading in an untrusted one.

There are of course limits - if you allow any untrusted files you accept a risk.
I guess it would makes sense to allow rc.conf et al to set the default _dot for load_rc_config so the truely paranoid can set it to _vdot or _sdot

If you have a better name suggestion that load_rc_config_reader for controlling which of {dot,sdot,vdot} should be used by default - I should validate it is one of those...