This role installs a script called `edit-secrets` to `/usr/local/bin`
that allows you to safely edit the secrets file without needing to
manage gpg-agent yourself.