Even if all keys to sign were found in the user's normal gpg keyrings we still
need to import them (again) from any keyrings passed with --key-files - the
keys there might be newer, containing new subkeys (for encryption), uids (for
signing) or revocations.