Allow `sops updatekeys` to work on a directory tree

[thewilli]

If #545 was finished, it would be really great for sops updatekeys to work on a directory tree.

Usecase: There is a .sops.yaml file in a repository with the keys of all team members. Whenever team members come or go, it would be easy to automate or just simplify the process of granting or revoking access to encrypted content.