Add optional Secret Service (D-Bus) key provider for pass-cli on desktop Linux (KWallet / GNOME Keyring)
Body:
On Linux, Pass CLI defaults to `PROTON_PASS_KEY_PROVIDER=keyring`. According to the docs, this uses kernel key retention (kernel keyring) on Linux to avoid relying on D-Bus in headless/server environments.
Because kernel secrets are cleared on reboot, this causes a forced logout after every reboot even on desktop systems:
- Login works
- Reboot
- Next run:
  "Local encryption key not found but session exists. Forcing logout … Run `pass-cli login` again."
This is expected with kernel keyring, but it’s not a good desktop experience. On KDE/GNOME desktops, `org.freedesktop.secrets` (Secret Service) is available via D-Bus and users already rely on KWallet / GNOME Keyring for persistent secrets.
Feature request:
- Add an optional key provider that stores the local encryption key in Freedesktop Secret Service (D-Bus), e.g. `PROTON_PASS_KEY_PROVIDER=secret-service` (name up to you), or
- automatically use Secret Service when available, and fall back to kernel keyring only in headless environments.
- Improve the forced-logout UX by explicitly explaining the cause and the correct variable name:
  - Mention that Linux `keyring` uses kernel secret storage and secrets are cleared on reboot
  - Suggest alternatives in the error message (fs/env) and document the exact env vars (`PROTON_PASS_KEY_PROVIDER`, `PROTON_PASS_ENCRYPTION_KEY`, etc.)
Why this matters:
Many desktop users do not want filesystem (fs) or environment (env) key storage for security reasons, but also don’t want to re-authenticate after every reboot. Secret Service would solve this on desktops while keeping kernel keyring as a robust default for servers/containers.
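
The auto-detection with headless fallback requested above, sketched as an added example (not part of the original issue and not Proton's code). The `secret-service` value and both function names are hypothetical; `keyring`, `fs` and `env` are the provider values the issue mentions.

```shell
#!/bin/sh
# Hypothetical provider selection; pass-cli does not implement this today.

# Return 0 if org.freedesktop.secrets is running or D-Bus-activatable on the
# session bus. KWallet / GNOME Keyring are often started on demand, so an
# owner check alone would miss them; both name lists are inspected.
secret_service_available() {
    # No session bus address (SSH, container, cron) means headless.
    [ -n "${DBUS_SESSION_BUS_ADDRESS:-}" ] || return 1
    command -v dbus-send >/dev/null 2>&1 || return 1
    for method in ListNames ListActivatableNames; do
        if dbus-send --session --print-reply --reply-timeout=2000 \
               --dest=org.freedesktop.DBus /org/freedesktop/DBus \
               "org.freedesktop.DBus.$method" 2>/dev/null \
               | grep -q '"org.freedesktop.secrets"'; then
            return 0
        fi
    done
    return 1
}

# choose_key_provider [probe-command]
# Prints the provider to use. An explicit PROTON_PASS_KEY_PROVIDER always wins,
# so server operators can pin "keyring" even when a session bus exists.
# The optional probe argument replaces the D-Bus check (useful for testing).
choose_key_provider() {
    probe="${1:-secret_service_available}"
    case "${PROTON_PASS_KEY_PROVIDER:-}" in
        "") ;;                                  # unset: auto-detect below
        keyring|fs|env|secret-service)
            printf '%s\n' "$PROTON_PASS_KEY_PROVIDER"
            return 0 ;;
        *)
            # Fail closed on a typo rather than silently picking a store.
            printf 'unknown key provider: %s\n' "$PROTON_PASS_KEY_PROVIDER" >&2
            return 2 ;;
    esac
    if "$probe"; then
        printf 'secret-service\n'   # persistent, unlocked with the desktop session
    else
        printf 'keyring\n'          # kernel keyring: cleared on reboot
    fi
}
```
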