fix: make send-shard work with locally generated keyrings
- Added a signing subkey to secret keygen --shoot-self-in-foot — generated certs had only encrypt/auth keys, so shard holders could never sign a send-shard request; locksmith found no signing-capable key and failed with the cryptic NoMatchingCard.
- Required signing capability in the keyring eligibility check — secret new now rejects sign-less certs upfront with a clear error, instead of letting a quorum be built, deployed, and discovered dead only at shard-sending time.
- Normalized keyrings into a single armor block in secret new — assembling a keyring with cat alice.asc bob.asc (the documented flow) creates multiple armor blocks; gpg/sequoia read them all but the rpgp-based Keymaker/Locksmith stack silently keeps only one cert, locking the dropped holders out of the quorum.
- Bumped the locksmith pin to 6918ad9 — that revision implements signing with a local private key file (--keyring); lockfile-respecting builds would otherwise compile the older locksmith without the feature the whole flow depends on.
- Extended the secret new e2e test — fixed its test keyring (no signing subkey, so it would now be rejected), and added regression coverage for both bugs: concatenated keyrings must end up as one armor block in the bundle, and sign-less keyrings must be rejected.
fix: make send-shard work with locally generated keyrings
- Added a signing subkey to secret keygen --shoot-self-in-foot — generated certs had only encrypt/auth keys, so shard holders could never sign a send-shard request; locksmith found no signing-capable key and failed with the cryptic NoMatchingCard.
- Required signing capability in the keyring eligibility check — secret new now rejects sign-less certs upfront with a clear error, instead of letting a quorum be built, deployed, and discovered dead only at shard-sending time.
- Normalized keyrings into a single armor block in secret new — assembling a keyring with cat alice.asc bob.asc ([the documented flow](https://codeberg.org/caution/docs/pulls/17)) creates multiple armor blocks; gpg/sequoia read them all but the rpgp-based Keymaker/Locksmith stack silently keeps only one cert, locking the dropped holders out of the quorum.
- Bumped the locksmith pin to 6918ad9 — that revision implements signing with a local private key file (--keyring); lockfile-respecting builds would otherwise compile the older locksmith without the feature the whole flow depends on.
- Extended the secret new e2e test — fixed its test keyring (no signing subkey, so it would now be rejected), and added regression coverage for both bugs: concatenated keyrings must end up as one armor block in the bundle, and sign-less keyrings must be rejected.