When the Key Type is not forced we correctly update key usage depending on the subkey selection.
But in case we have
In the config the usage is not correctly forced. This leads to the situation where the user can uncheck all usage checkboxes for the certficiate except certify, which then results in a general error because the subkey is forced.
I would just also make the usage checkboxes read only when PGPKeyType is forced. For now we don't have a usecase for forced usage differences.