Identities generated with older versions of `age-plugin-yubikey` show
their legacy recipient in comments; newer identities only show the new
recipient.
Encrypting to an identity requires the plugin binary, and there is a
reasonable expectation that the same (or a later) plugin binary version
will be used to decrypt, so we can assume support for the preferred
recipient type.
Some SmartCard readers report this error when no SmartCard is inserted,
so we need to check for it when filtering for connected YubiKeys (along
with `pcsc::Error::RemovedCard` which some _other_ SmartCard readers
report instead).
Closesstr4d/age-plugin-yubikey#81.
We also correctly ask for a PIN touch after the key is generated (which
does not need it) but before certificate generation (which does if the
touch policy is not "none").
Closesstr4d/age-plugin-yubikey#101.