misc/vault-keyring-client.sh: add flock workaround

Otherwise running terraform under tf-stage2 will often fail with:

> ansible.errors.AnsibleError: Vault password client script
> ../misc/vault-keyring-client.sh did not find a secret for
> vault-id=default: b'gpg: decryption failed: No secret key\n'

misc/vault-keyring-client.sh

 #!/bin/sh
-exec gpg --batch --decrypt --quiet "$(dirname $0)/vault-$2-password.gpg"
+
+readonly vault_password_file_encrypted="$(dirname $0)/vault-$2-password.gpg"
+
+# often getting "gpg: decryption failed: No secret key" in tf-stage2
+# seems to work with flock (issue last reproduced with gnupg 2.2.35)
+flock "$vault_password_file_encrypted" \
+  gpg --batch --decrypt --quiet "$vault_password_file_encrypted"