gpg-agent now supports/facilitates forwarding of the agent socket over the
network. This introduces a possibility of a remote attacker getting to
arbitrarily misuse the secret keys stored in the agent.
It would be useful to have a mode where the agent knows the unlocked secret key,
but prompts the user to confirm the use of the key when it receives a request.
I assume that pinentry (or something like it) would be used for the prompting,
but i would hope that it wouldn't require full passphrase entry; loading the key
into the agent should require the passphrase, but each use in this scenario
should only require dealing with a dialog like:
Permit use of key X? [OK] [Cancel]"