get_cert doesn't work with SSH agents

[ejholmes]

In recent versions of gpg, it can serve as an SSH agent. This allows you to easily store your SSH key on a hardware device, like a yubikey.

Unfortunately, in this setup, if you're using ssh-ca, get_cert will fail with:

$ get_cert "<url>"
Unable to find private key matching certificate.

Because it tries to find the private key in ~/.ssh. Since the private key is stored on a hardware device, it doesn't find it.

A simple workaround is to just curl "<url>" ~/.ssh/id_rsa-cert.pub instead of using get_cert, but it would be nice if get_cert just worked.