Evaluate the download of OpenPGP certificates from WKD

Some early feedback from this year's image-based Linux summit:

In more dynamic contexts (e.g. package manager), one wants to download new, or updated OpenPGP certificates.

It would be great to conceptualize a library for this use-case, so that new or updated OpenPGP certificates can be downloaded to the runtime directory (e.g. /run/voa/, /run/user/$(id -u)/voa/).

Especially in system-mode it would be great to later then make this functionality available to users with uid < 1000 (except 0) via varlink, so that fetching of new verifiers can happen without privilege elevation.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Evaluate the download of OpenPGP certificates from WKD