key manager should not write private keys to disk in cleartext
Currently, we use a Python wrapper around gpg that creates a temporary keyring with the user's private key each time we need to perform an operation on this key.
This is a problem! We are writing the private key of the user to the disk unprotected.
We should set a random password for the private keys that are added to the tmp keyring, and keep this random password around in memory only as long as the tmp keyring is needed.
This method will not help protect the metadata in the public keys, since the keyring itself cannot be password protected, only the individual private keys. I think this is fine.
(from redmine: created on 2016-06-03, relates #8170, relates #8107 (closed))