guix-attest should support custom GPG executable names #24346

@JeremyRand

Is your feature request related to a problem? Please describe.

In Qubes OS, the "Split-GPG" feature allows keeping the private key in a separate VM from the application (in this case guix-attest). This prevents a compromised VM (in which Bitcoin Core was built) from stealing the private signing key. Qubes provides a qubes-gpg-client-wrapper executable that has the same API as gpg. Unfortunately, there is currently no way to make guix-attest use that executable instead of plain gpg.

Describe the solution you'd like

Support an optional environment variable in guix-attest, which allows specifying an arbitrary command name that replaces gpg.

Describe alternatives you've considered

I considered a command-line parameter, but it seems that environment variables are the convention in guix-attest.

Additional context

I believe OpenTimestamps provides a wrapper with gpg's API as well, so maybe this would also be helpful for facilitating OpenTimestamps with Guix.
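
One way a signing script could honor such an override, as an added example that is not guix-attest's own code. The variable name `ATTEST_GPG` and both function names are hypothetical; the issue does not name them.

```shell
#!/bin/sh
# Added example. ATTEST_GPG is a hypothetical variable name, not one
# defined by guix-attest.

# Print the signing command to use, or fail if it cannot be invoked.
resolve_signer() {
    signer="${ATTEST_GPG:-gpg}"   # fall back to plain gpg when unset or empty
    # Fail before any signing is attempted if the command is missing,
    # so a typo in the override is reported instead of surfacing later.
    if ! command -v "$signer" >/dev/null 2>&1; then
        echo "ERR: signing command '$signer' not found" >&2
        return 1
    fi
    printf '%s\n' "$signer"
}

# Usage: sign_detached <key-id> <file>   (writes <file>.asc)
sign_detached() {
    signer="$(resolve_signer)" || return 1
    # Quoted expansion: the value is used as a single command name and is
    # never re-split or evaluated by the shell.
    "$signer" --detach-sign --armor --local-user "$1" --output "$2.asc" "$2"
}
```

With `ATTEST_GPG=qubes-gpg-client-wrapper` set in the build VM, the private key stays in the separate VM and this script only ever holds the name of the command to call.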
