I changed the wrapper to call gpgv instead of gpg. It is much easier
and cleaner to use local configuration this way, and it won't produce
a warning that the key isn't trusted.
I also removed used of an environment variable, as we (currently) only
pass one keyring filename here.