constraints on `USERID`

Over in https://github.com/pgpainless/pgpainless/issues/395 there is some discussion about whether it would be reasonable for a sop implementation to constrain User IDs further, beyond "raw UTF-8 string", at least for sop generate-key (or for some future sop add-userid).

For example, maybe an implementation wants to reject any string that contains U+FFFD REPLACEMENT CHARACTER, or that contains a newline (U+000A), or leading or trailing whitespace, or a NULL character (U+0000, though it's not clear, given the nature of argv, whether it would be possible to pass a NULL character directly on the CLI).

Of course, refusing to accept such a User ID during sop generate-key doesn't mean that an implementation won't encounter such User IDs in the wild.