Sequoia does not honor certificate expiration on primary userid when iterating over subkeys
The following certificate is expired using a key expiration time subpacket on the primary userid, but Sequoia does not consider the certificate expired:
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
Note how Sequoia knows the primary key is expired, but that doesn't prevent .keys() from returning the subkeys that we then use for encryption:
% sq inspect /tmp/k
/tmp/k: OpenPGP Certificate.
Fingerprint: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330
Invalid: Expired on 2020-06-13T14:57:14Z
Public-key algo: RSA (Encrypt or Sign)
Public-key size: 3072 bits
Creation time: 2019-10-15 10:18:26 UTC
Expiration time: 2020-06-13 14:57:14 UTC (creation time + P242DT16728S)
Key flags: certification, signing
Subkey: 1DDC E15F 0921 7CEE 2F3B 3760 7C2F AA4D F93C 37B2
Public-key algo: RSA (Encrypt or Sign)
Public-key size: 3072 bits
Creation time: 2019-10-15 10:18:26 UTC
Key flags: transport encryption, data-at-rest encryption
UserID: Bob Babbage <bob@openpgp.example>
% sq encrypt --recipient-key-file=/tmp/k <<< huhu
-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----
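The check this report expects, as an added example that is not part of the original report and is not Sequoia's code or API: a simplified model in which an expired primary key disqualifies every subkey as an encryption recipient. The types and function names are hypothetical, the validity period is attached directly to the key (in the certificate it is carried in the key expiration time subpacket on the primary User ID's self-signature), and the timestamps are the ones shown in the `sq inspect` output above.

```rust
// Simplified model for illustration; all names here are hypothetical, not Sequoia's API.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Flag { Certify, Sign, Encrypt }

struct Key {
    fingerprint: &'static str,
    created: u64,          // seconds since the Unix epoch
    validity: Option<u64>, // key expiration time: seconds after creation, None = no expiry
    flags: &'static [Flag],
}

struct Cert { primary: Key, subkeys: Vec<Key> }

impl Key {
    fn expires_at(&self) -> Option<u64> { self.validity.map(|v| self.created + v) }
    fn alive(&self, now: u64) -> bool {
        now >= self.created && self.expires_at().map_or(true, |e| now < e)
    }
}

impl Cert {
    // Models the reported behaviour: each subkey is judged only on its own lifetime.
    fn encryption_keys_unchecked(&self, now: u64) -> Vec<&Key> {
        self.subkeys.iter()
            .filter(|k| k.flags.contains(&Flag::Encrypt) && k.alive(now))
            .collect()
    }
    // Expected behaviour: an expired primary key leaves no usable subkeys.
    fn encryption_keys(&self, now: u64) -> Vec<&Key> {
        if !self.primary.alive(now) { return Vec::new(); }
        self.encryption_keys_unchecked(now)
    }
}

// Constructed from the values in the `sq inspect` output; no key material involved.
fn sample_cert() -> Cert {
    let created = 1_571_134_706; // 2019-10-15 10:18:26 UTC
    Cert {
        primary: Key { fingerprint: "D1A66E1A23B182C9980F788CFBFCC82A015E7330", created,
            validity: Some(242 * 86_400 + 16_728), // P242DT16728S
            flags: &[Flag::Certify, Flag::Sign] },
        subkeys: vec![Key { fingerprint: "1DDCE15F09217CEE2F3B37607C2FAA4DF93C37B2", created,
            validity: None, flags: &[Flag::Encrypt] }],
    }
}

fn main() {
    let (cert, now) = (sample_cert(), 1_592_060_234); // 2020-06-13 14:57:14 UTC
    println!("primary {} alive: {}", cert.primary.fingerprint, cert.primary.alive(now));
    for k in cert.encryption_keys_unchecked(now) { println!("unchecked: {}", k.fingerprint); }
    println!("checked: {} usable subkeys", cert.encryption_keys(now).len());
}
```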