v4.8.1

• Don't keep entire decrypted message in memory while streaming (#1033)
  (When config.allow_unauthenticated_stream is set or the message is AEAD-encrypted.)
• Test loading OpenPGP.js from a Worker in the application (#1032)
• Properly detect and use Web Crypto when using OpenPGP.js from a Worker in the application.
• Terminate workers in openpgp.destroyWorker() (#1031)
• Allow calling clearPrivateParams on decrypted keys
  (Calling it on unencrypted keys was already allowed, so this safety check didn't do much.)
• Zero out private key parameters in clearPrivateParams
• Implement Key.prototype.clearPrivateParams
• Implement openpgp.getWorker().clearKeyCache()
• Clear worker key caches in openpgp.destroyWorker()
• Switch code coverage reporter to nyc (#1005)

Note: openpgp.destroyWorker() now returns a Promise (to indicate when the worker's key caches have been cleared and the workers have been terminated) but it still immediately stops OpenPGP.js from using the worker, thus should be backwards compatible in that respect.
However, this release is backwards incompatible if you were relying on the fact that openpgp.destroyWorker() didn't terminate the workers, for example by using streaming encryption / decryption with a worker active and then continuing to read from a stream of data that was returned by openpgp.encrypt/decrypt after calling openpgp.destroyWorker().