Since this canSign/canEncrypt is fundamentally busted in gpgme,
outright limit all keys we're looking at to those with secrets.

Change-Id: Ib3dfbc8ef661430efc3a8c17f2f3166af8225a56
Reviewed-on: https://gerrit.libreoffice.org/37471Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Reviewed-by: Siegmund Gorr <siegmund.gorr@cib.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>