Indicate rough expected capabilities for generated secret keys
sop generate
basically says "make a secret key" but maybe we need to document that the certificate as a whole needs to have at least certification and signing and encryption capabilities.
Edited by Daniel Kahn Gillmor