Implement hard timeout

[thesamesam]

Unfortunately, https://github.com/projg2/gemato/commit/a098d83e92fa807d95ee160b1506c4561b28eb2b (https://github.com/projg2/gemato/issues/26) appears insufficient. I've observed this a bunch of times and poked a tiny bit more yesterday. Users hit it when our sks instances on infra freeze up, etc.

It appears that gpg doesn't commit to having the timeout work in all cases, see https://dev.gnupg.org/T3893:

However if the server stops or some ugly proxy sending in the middle of a transaction we have no real way to set timeout; there are just too many ways a connection can be slowed down.

Accordingly, I think we need a hard timeout from the Python side when invoking gpg.