Keep secret keys in locked memory until they're encrypted.
(Raaz makes this possible to do.)
Would be nice, but not super-important, since gpg secret keys
are passphrase protected anyway.. But, see [[remove_gpg_key_passphrase_from_backed_up_gpg_keys]].