gpg-agent zombie apocalypse on web-11

git      116339  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116341  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116343  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116345  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116347  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116349  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116351  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116353  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116356  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116358  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116360  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116362  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116364  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116366  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116368  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>
git      116370  0.0  0.0      0     0 ?        Z    02:38   0:00 [gpg2] <defunct>

Total number of zombies ~850.

Slack discussion start: https://gitlab.slack.com/archives/C101F3796/p1522940029000034

same behavior on web-10, to a lesser extent.

@jtevnan can you fill what I'm missing here?

During discussion with @bkc we come up with an idea to prestart gpg-agent and inject GPG_* envvars to unicorn process so that it reuses the same process instead of starting new one every time. Since that is not currently configurable with omnibus, it'll need to be a part of hack_* recipe group.

/cc @gl-infra