Don't leak passwords into the process table.

- Remove the offending argument.  Without it, the linter will ask
    for passwords on the tty, aligning it with the rest of sq.
    Programmatic input of passwords is an open question, see #140.

  - Fixes #168.

src/cli/keyring.rs

@@ -361,12 +361,6 @@ pub struct LintCommand {
     #[arg(short, long)]
     pub export_secret_keys: bool,
 
-    /// A key's password.  Normally this is not needed: if stdin is
-    /// connected to a tty, the linter will ask for a password when
-    /// needed.
-    #[arg(short, long)]
-    pub password: Vec<Password>,
-
     /// If set, outputs a list of fingerprints, one per line, of
     /// certificates that have issues.  This output is intended for
     /// use by scripts.

src/commands/keyring/lint.rs

@@ -246,7 +246,7 @@ pub fn lint(config: Config, mut args: LintCommand) -> Result<()> {
 
     let reference_time = config.time;
 
-    let mut passwords: Vec<Password> = args.password;
+    let mut passwords = Vec::new();
 
     let mut out = args.output.create_pgp_safe(
         config.force, args.binary,

tests/sq-keyring-lint.rs

@@ -254,7 +254,9 @@ mod integration {
         t("only-md5", Some("priv"), &[], 2, 0);
     }
 
-    #[test]
+    /// XXX: Disabled because there is no non-interactive way to feed
+    /// passwords to it.
+    #[allow(dead_code)]
     fn passwords() {
         // User ID: SHA1
         // Enc Subkey: SHA1
@@ -269,7 +271,9 @@ mod integration {
         t("all-sha1-password-Foobar", Some("priv"), &["bar", "Foobar"], 2, 2);
     }
 
-    #[test]
+    /// XXX: Disabled because there is no non-interactive way to feed
+    /// passwords to it.
+    #[allow(dead_code)]
     fn multiple_passwords() {
         // The primary is encrypted with foo and the signing subkey
         // with bar.  We need to provide both, because the signing