- creates a cli configuration flag (--slot authentication) to be
  able to specify which slots should be enabled
- allows specifying a pin policy (--slot signature,always) to allow
  for imported keys. These do not have a valid attestation which
  would be used to determine the pin policy, so we have to set it.

to enable all slots with imported keys for a typical PIV config you could use:
yubikey-agent -l agent.sock --slot authentication,once --slot signature,always --slot keymanagement,once

Try all available cards till we find the first usable one.
Also allow selecting a specific yubikey by passing -serial 1234567890

similar to ssh-add -c. uses askpass to confirm every signing operation
by the user. especially useful for cached pin scenarios.
yubikeys can cache pins and askpass can be configured to autofill from
keychain. The user might still want to know about signing operations
happening.