Don't offer "Trust root certificate" if users are not allowed to do this
If users are not allowed to mark certificates as (not) trusted (i.e.
gpg-agent's no-allow-mark-trusted option is set) then we don't create
the actions "Trust root certificate" and "Distrust root certificate".
This is done on startup of Kleopatra.
Additionally, if "no-allow-mark-trusted" is set then the corresponding
commands abort with an error when the user tries to use them. This
handles the case that the option is set while Kleopatra is running.
If the option is unset/removed then Kleopatra needs to be restarted to
make the actions available.
- GnuPG-bug-id: T7350