pgp: modernize and improve, and add tests
This replaces the current PGP keysource implementation with a modernized version the Flux project has been using[1]. It includes utilities to configure the MasterKey via other means than environment variables, to allow SDK users to have extensive control over what things are decrypted with. This can for example be combined with an own keyserver implementation.

To be able to contribute it back upstream while keeping it backwards compatible with SOPS, a couple of changes have been made compared to Flux:

- Instead of removing the enabling of the agent while making use of GnuPG, it can now be disabled.
- Support for OpenPGP has been added back. Note however my comments on this in-code, as I am not quite sure to what extent it is used at the moment, as it will not work on most setups (GnuPG <2.1 was released in 2017.)
- The absolute paths to the pub and sec keyrings can now be configured by SDK users. This would add more reason to keep OpenPGP around, if they are able to produce the keyring files themselves via other means than GnuPG.
- When a sec keyring is not detected, a lookup for the pub keyring is made and loaded instead if found. This is to account for GnuPG >=2.1 merging the sec keyring into the pub keyring.
- Support for fetching keys from servers has been removed. This can be added back if we need to keep it around for a little longer.

This has extensive test coverage for GnuPG, but would need coverage for the re-added OpenPGP implementation before it can be deemed ready.

[1]: https://github.com/fluxcd/kustomize-controller/tree/ffdda3f3da75aa39a5b5c29997c2654b6a2f1f89/internal/sops/pgp

Signed-off-by: Hidde Beydals <[email protected]>
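The keyring lookup described in the commit message, as an added example that is not part of this commit or of the SOPS or Flux code: a Go helper that resolves the GnuPG home directory and prefers the sec keyring, falling back to the pub keyring when GnuPG >=2.1 has merged the two. The function names, the SDK-style path overrides and the file-name constants are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Keyring files as written by GnuPG <2.1; GnuPG >=2.1 writes only pubring.gpg.
const (
	SecringName = "secring.gpg"
	PubringName = "pubring.gpg"
)

// ErrNoKeyring is returned when neither keyring file exists.
var ErrNoKeyring = errors.New("pgp: no sec or pub keyring found")

// GnuPGHome resolves the GnuPG home the way GnuPG does: $GNUPGHOME, else ~/.gnupg.
func GnuPGHome() (string, error) {
	if h := os.Getenv("GNUPGHOME"); h != "" {
		return h, nil
	}
	userHome, err := os.UserHomeDir()
	if err != nil {
		return "", err
	}
	return filepath.Join(userHome, ".gnupg"), nil
}

// ResolveKeyring picks the keyring file the OpenPGP code path should load.
// secPath and pubPath are optional absolute overrides (the SDK-configurable paths
// from the commit message); empty values default to the files under home. The sec
// keyring is preferred; when it is absent the pub keyring is used instead, which
// is what GnuPG >=2.1 setups need. The bool reports whether a secret keyring was chosen.
func ResolveKeyring(home, secPath, pubPath string) (string, bool, error) {
	if secPath == "" {
		secPath = filepath.Join(home, SecringName)
	}
	if pubPath == "" {
		pubPath = filepath.Join(home, PubringName)
	}
	for _, c := range []struct{ path string; secret bool }{{secPath, true}, {pubPath, false}} {
		if fi, err := os.Stat(c.path); err == nil && fi.Mode().IsRegular() {
			return c.path, c.secret, nil
		}
	}
	return "", false, fmt.Errorf("%w (tried %q and %q)", ErrNoKeyring, secPath, pubPath)
}
```

Callers that only need decryption can still treat a pub-keyring result as a hard error, since without a secret key nothing can be decrypted on that code path.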