`sop encrypt`: Allow passing a single CERTS object per recipient with multiple redundant certificates

When encrypting to one or more recipients, if some or all of the recipients have multiple certificates, which are potentially redundant (e.g. they share the same User IDs, and/or one is a replacement key of the other, or one is a persistent symmetric key and the other is asymmetric), then it would be useful to be able to have SOP encrypt to only one of the certificates (perhaps up to the discretion of the OpenPGP implementation, i.e. whichever it thinks is best).

We could add a flag for this, e.g. `sop encrypt --one-recipient-per-certificate-bundle` as @dkg suggested.

If this seems reasonable I can make an MR for this :)

Edited by Daniel Huigens