Document trust model adjustment
A common opass user complaint is around trust mechanics. I've added a note to the documentation about the PASSWORD_STORE_GPG_OPTS envvar. Please review the security recommendation there. Are we comfortable with that? Arugably, that should be a separate commit, but I already pushed and it isn't worth the hassle. I can fix that if review suggests it is necessary.