renew private keys if they expire

If the private keys expires we should extend the expiration date (or create new subkeys). Who should do that? The upgrader background process of the keymanager? Or someone outside the keymanager (leap.mail or bitmask.core)?

(from redmine: created on 2016-06-24)