
Document gpg-agent option auto-expand-secmem #34

Closed
felixfontein opened this issue Nov 9, 2020 · 1 comment · Fixed by #36

Comments

@felixfontein
Collaborator

Without it (which is unfortunately the default), running several decrypts (and possibly encrypts) in parallel causes strange errors such as

gpg: public key decryption failed: Cannot allocate memory
gpg: decryption failed: No secret key

which causes sops to fail with errors such as

Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  D13xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: FAILED
    - | could not decrypt data key with PGP key:
      | golang.org/x/crypto/openpgp error: Reading PGP message
      | failed: openpgp: incorrect key; GPG binary error: exit
      | status 2
  
  828xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: FAILED
    - | could not decrypt data key with PGP key:
      | golang.org/x/crypto/openpgp error: Reading PGP message
      | failed: openpgp: incorrect key; GPG binary error: exit
      | status 2

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.

When using the vars plugin with enough hosts (say 10 or more), for me it happens quite often that some of them error out with this error.

Simply adding auto-expand-secmem to ~/.gnupg/gpg-agent.conf fixes this problem for me. Since this can be annoying for more users, I think we should add it to the README.

@felixfontein
Collaborator Author

Without this option, I can easily reproduce it with a tiny GPG encrypted file and for i in 1 2 3 4 5 6 7 8 9 10; do ( gpg --use-agent --decrypt test.gpg > /dev/null & ); done. During most runs of this command at least one gpg call produces this error.
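The fix described in this issue is a one-line change to gpg-agent.conf. The following script is an added example, not code from the issue or from the community.sops project: it checks whether the option is already present, appends it idempotently (creating the file with owner-only permissions if it does not exist), and reloads the agent so the change applies to the running process. The config path and the reload via gpgconf are assumptions about a standard GnuPG setup.

```shell
#!/bin/sh
# Added example: make sure gpg-agent.conf carries auto-expand-secmem so that
# many parallel `gpg --decrypt` calls (as sops does with the vars plugin) do
# not fail with "public key decryption failed: Cannot allocate memory".

# Return 0 if the given config file already has an uncommented
# auto-expand-secmem line (with or without an explicit size argument).
has_auto_expand_secmem() {
    conf="$1"
    [ -f "$conf" ] && grep -Eq '^[[:space:]]*auto-expand-secmem([[:space:]]|$)' "$conf"
}

# Append the option if missing. Safe to run repeatedly: it never adds a
# second line. A missing file is created under a 077 umask (0600 on disk),
# matching what GnuPG expects for files in ~/.gnupg.
ensure_auto_expand_secmem() {
    conf="$1"
    if has_auto_expand_secmem "$conf"; then
        return 0
    fi
    if [ ! -f "$conf" ]; then
        ( umask 077; mkdir -p "$(dirname "$conf")"; : > "$conf" )
    fi
    printf '%s\n' 'auto-expand-secmem' >> "$conf"
}

# Ask the running agent to re-read its configuration (assumption: gpgconf is
# on PATH, as it is with any normal GnuPG 2.x install). Without this step the
# new setting only takes effect after the agent is restarted.
reload_agent() {
    command -v gpgconf >/dev/null 2>&1 && gpgconf --reload gpg-agent
}

# Usage: `sh this_script.sh --apply` edits the real config and reloads.
# Without --apply the script only defines the functions above.
if [ "${1:-}" = "--apply" ]; then
    ensure_auto_expand_secmem "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    reload_agent
fi
```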

felixfontein added a commit to felixfontein/community.sops that referenced this issue Nov 11, 2020
felixfontein added a commit that referenced this issue Dec 12, 2020
* We are already doing that.

* Improve contribution instructions.

* MD fixes.

* Document #34.