Given that the performance penalties associated with T4592 appear to be the worst when using the traditional keyring format (pubring.gpg), I wonder whether gpg shouldn't automatically convert pubring.gpg into pubring.kbx if it notices that such a thing exists. Furthermore, the kbx format has tighter constraints against DoS.
This would incur a one-time cost to the user, but would put their GnuPG installation in a much better position going forward.
It's not clear what benefit the user gets from retaining the traditional pubring.gpg format, other than co-installation with gpg1, but co-installation doesn't work well anyway -- if the user wants to use gpg1, they should have a distinct homedir for it.
In Debian, we ship migrate-pubring-from-classic-gpg to facilitate this transformation -- most people don't know how to do it manually -- but I'd love to be able to drop it if gpg could make the transition happen automatically for the user.
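For readers who want to do the migration the comment above describes by hand, here is an added example (my own script, not the Debian migrate-pubring-from-classic-gpg tool and not GnuPG's code). It assumes a gpg 2.1 or later binary on PATH and relies on gpg's documented keyring selection: pubring.kbx is used when it exists, otherwise gpg falls back to a classic pubring.gpg. The 32-byte keybox header blob carries the ASCII magic "KBXf" at byte offset 8, which the detection function uses to tell a real keybox from a stray file.

```shell
#!/bin/sh
# Inspect a GnuPG homedir and report which public keyring format it uses.
# Prints one of: kbx, classic, none, unknown.
keyring_format() {
  dir=$1
  if [ -f "$dir/pubring.kbx" ]; then
    # gpg prefers pubring.kbx whenever it is present, so check it first.
    # A genuine keybox starts with a header blob whose magic "KBXf"
    # sits at offset 8 (after length, type, version and flags fields).
    magic=$(dd if="$dir/pubring.kbx" bs=1 skip=8 count=4 2>/dev/null)
    if [ "$magic" = "KBXf" ]; then
      echo kbx
    else
      echo unknown   # file exists but is not a keybox; leave it alone
    fi
  elif [ -f "$dir/pubring.gpg" ]; then
    echo classic
  else
    echo none
  fi
}

# Convert a classic pubring.gpg homedir to the keybox format.
# Only public keys are involved: with gpg >= 2.1 secret keys already live
# in private-keys-v1.d and ownertrust lives in trustdb.gpg, so neither
# is touched. The old keyring is kept as pubring.gpg~ for rollback.
migrate_to_kbx() {
  home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
  fmt=$(keyring_format "$home")
  if [ "$fmt" != classic ]; then
    echo "$home: keyring format is '$fmt', nothing to migrate" >&2
    return 0
  fi
  tmp=$(mktemp) || return 1
  # Export while pubring.gpg is still the only keyring gpg can see.
  gpg --homedir "$home" --batch --export > "$tmp" || { rm -f "$tmp"; return 1; }
  # Move the classic keyring aside so the import below creates pubring.kbx.
  mv "$home/pubring.gpg" "$home/pubring.gpg~" || { rm -f "$tmp"; return 1; }
  gpg --homedir "$home" --batch --import "$tmp"
  rc=$?
  rm -f "$tmp"
  [ "$(keyring_format "$home")" = kbx ] && echo "$home: migrated to pubring.kbx" >&2
  return $rc
}
```

Run `migrate_to_kbx ~/.gnupg` while no gpg-agent or gpg process is writing to that homedir; if anything looks wrong afterwards, restoring pubring.gpg~ to pubring.gpg and removing pubring.kbx returns to the old state.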