Log Message:
sequoia-sq: update to 0.39.0.

* Changes in 0.39.0
** Notable changes
   - Subcommand `sq key userid strip` has been moved to `sq toolbox
     strip-userid`.
   - `sq key adopt` supports adopting bare keys (i.e., a primary key
     without any signatures).
   - `sq key adopt` add options (`--can-sign`, `--cannot-sign`,
     `--can-authenticate`, `--cannot-authenticate`, `--can-encrypt`,
     `--cannot-encrypt`) to allow overriding the key flags.
   - `sq key adopt` now accepts the option `--creation-time` to allow
     the user to override the key's creation time.
   - `sq key adopt` sets the key's creation time to the current time
     (while respecting `--time`) if `--creation-time` is not
     specified, and the key's time is the Unix epoch.
   - To select the type of generated DNS resource records a new switch
     has been introduced.  `sq network dane generate --type generic`
     replaces the old `--generic` flag.
   - `sq key adopt` is now called `sq key subkey bind`.
   - The option to verify a detached signature has been renamed from
     `--detached` to `--signature-file`: `sq verify --signature-file
     foo.sig foo.txt`.
   - `sq key userid revoke` has a new flag `--add-userid` that adds
     missing user IDs, analogous to the flag in `sq pki certify`.
     Previously, the global `--force` was used for this.
   - `sq pki link add` and `sq pki link retract` have a new flag
     `--recreate` that forces a signature to be created even if it
     should not be necessary because the parameters did not change.
     Previously, the global `--force` was used for this.
   - The global `--force` flag has been renamed to `--overwrite` and
     now controls whether existing files are overwritten.
   - The argument `--signer-key` is now just called `--signer`.
   - The arguments to name recipients for encryption now use the
     `--for` prefix, as in `sq encrypt --for-email alice@example.org`.
     Further, `--recipient-cert` is now just called `--for`
   - The environment variables to override the default cert store and
     key store location have been renamed from SQ_CERT_STORE to
     SEQUOIA_CERT_STORE, and SQ_KEY_STORE to SEQUOIA_KEY_STORE,
     respectively.
   - `sq toolbox packet split` now requires an explicit output
     parameter.
   - `sq pki certify` no longer supports using expired or revoked
     certificates; the options `--allow-not-alive-certifier` and
     `--allow-revoked-certifier` have been removed.
   - `sq toolbox keyring filter --handle` has been made more robust by
     splitting `--handle` into `--cert` and `--key`, where the former
     only matches on primary keys, and the latter matches on both
     primary keys and subkeys.
   - The argument `sq network keyserver publish --require-all` is the
     default now and has been removed.
   - The argument `sq key generate --rev-cert ...` is now mandatory if
     `--output` has been given.
   - `sq network fetch` has been renamed to `sq network search` to
     emphasize that this is key discovery, and may return related or
     even wrong results.  Likewise for the key server, WKD, and DANE
     methods.
   - `sq pki certify`'s positional argument for specifying the user ID
     to certify must now be specified using a named argument,
     `--userid`, or `--email`.  The `--email` argument no longer
     changes the meaning of how `--userid` is interpreted, but takes
     an email address.  The `--userid` and `--email` arguments may be
     given multiple times to certify multiple user IDs at once.
   - `sq pki certify`'s positional argument for specifying the
     certificate to certify must now be specified using a named
     argument, `--cert` or `--cert-file`.
   - Previously `sq pki certify` could create certifications, and mark
     a certificate as a trusted introducer (when the user set
     `--depth` to be greater than zero).  The latter functionality has
     been split off to the new subcommand `sq pki authorize`.
   - Add the `--domain` argument to `sq pki authorize` so the user
     doesn't have to manually convert a domain to a regular
     expression.
   - `sq pki link add`'s positional argument for specifying the
     certificate to link must now be specified using a named
     argument, `--cert`.
   - `sq pki link retract`'s positional argument for specifying the
     certificate to unlink must now be specified using a named
     argument, `--cert`.
   - Removed `sq pki link add`'s positional argument for specifying a
     user ID directly or by email address.  Use the named arguments,
     `--userid` or `--email` instead.
   - Add `--add-userid` to `sq pki link add`.  This aligns it with `sq
     pki certify`.
   - Removed `sq pki link add`'s `--petname` argument.  Use `--userid`
     in conjunction with `--add-userid` instead.
   - Previously `sq pki link certify` could create certifications, and
     mark a certificate as a trusted introducer (when the user set
     `--depth` to be greater than zero).  The latter functionality has
     been split off to the new subcommand `sq pki link authorize`.
   - Move `sq pki certify` to `sq pki vouch certify`.
   - Move `sq pki authorize` to `sq pki vouch authorize`.
   - Move `sq pki list` to `sq cert list`.
   - Add a new flag `--all` to `sq network wkd publish` and `sq
     network dane generate` that adds all certificates with a user ID
     in the target domain that can be authenticated.
   - The argument `sq verify --signer-cert` is now called `--signer`.
   - The argument `sq network wkd --rsync` which previously had an
     optional value argument has been split into two arguments, a
     boolean `--rsync` to enable the use of rsync, and `--rsync-path`,
     which implies `--rsync`, to specify a path to the local rsync
     executable.
   - When exporting certificates selected by user IDs (i.e. --email,
     --userid, --domain, or --grep), the bindings are authenticated and
     only those certificates that can be authenticated are exported.
   - The do-what-I-mean query parameter has been removed from `sq cert
     export`.
   - `sq autocrypt import` has been merged into `sq cert import`.
   - `sq autocrypt decode` and `sq autocrypt encode-sender` are
     removed without substitute.
   - `--cert` now only looks up by primary key fingerprint.
   - The argument `sq key delete --cert-file` has been renamed to
     `--file`.
   - The argument `sq key delete --file` now requires `--output`.
   - The argument `sq cert lint --cert-file` has been renamed to
     `--file`.
   - The argument `sq key password --cert-file` has been renamed to
     `--file`.
   - The argument `sq key password --file` now requires `--output`.
   - The argument `sq key expire --cert-file` has been renamed to
     `--file`.
   - The argument `sq key expire --file` now requires `--output`.
   - The argument `sq key revoke --cert-file` has been renamed to
     `--file`.
   - The argument `sq key revoke --file` now requires `--output`.
   - The argument `sq key userid add --cert-file` now requires
     `--output`.
   - The argument `sq key userid revoke --cert-file` now requires
     `--output`.
   - The argument `sq key subkey add --cert-file` has been renamed to
     `--file`.
   - The argument `sq key subkey add --file` now requires `--output`.
   - The argument `sq key subkey delete --cert-file` has been renamed
     to `--file`.
   - The argument `sq key subkey delete --file` now requires
     `--output`.
   - The argument `sq key subkey password --cert-file` has been
     renamed to `--file`.
   - The argument `sq key subkey password --file` now requires
     `--output`.
   - The argument `sq key subkey expire --cert-file` has been renamed
     to `--file`.
   - The argument `sq key subkey expire --file` now requires
     `--output`.
   - The argument `sq key subkey revoke --cert-file` has been renamed
     to `--file`.
   - The argument `sq key subkey revoke --file` now requires
     `--output`.
   - The argument `sq key subkey bind --cert-file` has been renamed to
     `--file`.
   - The argument `sq key subkey bind --file` now requires `--output`.
   - The argument `sq key approvals update --cert-file` now requires
     `--output`.
   - The pEp store integration has been removed.
   - Removed `sq pki path`'s `--gossip` argument, it didn't actually do
     anything.
   - Changed `sq key subkey expire`'s expiration argument from a
     positional argument to a named argument, `--expiration`.
   - Changed `sq key expire`'s expiration argument from a positional
     argument to a named argument, `--expiration`.
   - Changed `sq key revoke`'s reason and message arguments from
     positional arguments to named arguments, `--reason`, and
     `--message`, respectively.
   - Changed `sq key subkey revoke`'s reason and message arguments from
     positional arguments to named arguments, `--reason`, and
     `--message`, respectively.
   - Changed `sq key userid revoke`'s reason and message arguments from
     positional arguments to named arguments, `--reason`, and
     `--message`, respectively.
   - `sq cert import` now supports importing bare revocation
     certificates.