changes PasswordStore.encrypt behavior when .gpg-id support is off
(default):
old:
* ignores passed in keyID
* encrypt with first public key in keychain (gopenPGP), or entire
keychain (ObjectivePGP)
new:
* honor passed in keyID
* encrypt with all keys in keychain
So the system can have multiple private keys, and the caller doesn't
need to specify a specific one regardless.
Ideally: If there are several matches we could also take into account
which keys have already been unlocked (or passthrases saved in
keychain). Right now it only grabs the first match.
this is refactoring support, so that we can notice changes in how the
underlying APIs are called, and make changes intentionally when needed,
instead of accidentally.
