To support multiple gpg keys added with --add-key, propellor should * When it encrypts the privdata after a change, encrypt it to all keys listed in `privdata/keyring.gpg` * When --add-key adds a new key, it should re-encrypt the privdata, so that this new key can access it.