Allow using Transferable Secret Keys to encrypt and verify

The current draft says:

If any CERTS input contains secret key material, sop MUST fail with BAD_DATA. This strictness is intended to keep the consumer of the sop interface clear about what material they are dealing with in what locations. This should reduce the consumer's risk of accidentally exposing secret key material where they meant to expose a CERTS object.

This justification makes sense, however, it precludes the use of draft-ietf-openpgp-persistent-symmetric-keys with SOP, as the use of persistent symmetric keys requires passing secret key material to encrypt data symmetrically or verify symmetric attestations.

Note also that OpenPGP.js and GopenPGP currently happily accept TSKs in the place of TPKs (even before the changes required for draft-ietf-openpgp-persistent-symmetric-keys), and this is sometimes useful also in the context of testing, e.g. it would simplify this test and reduce its recorded command size (since we'd only need one artifact instead of two per test vector).

Perhaps we could either:

1. Emit a warning rather than an error,
2. Add a flag to indicate that secret keys were passed intentionally, or
3. Add an exception for persistent symmetric key material?

If any of these solutions seem agreeable I can make an MR :)