passage: decrypt identities file before multiple decryptions

[derat]

If the identities file appears to be an age-encrypted file, decrypt it to the secure temporary directory for commands that run multiple "age -d" commands (edit, find, reencrypt). This avoids repeatedly prompting for the same password.

[derat]

Not sure whether this is reasonable or not from a security perspective, as it creates a window where the identity is accessible under /dev/shm. I couldn't come up with any other way to make commands like grep usable in conjunction with a password-protected identity, though (#3, #16).