The existing Arch Linux docker image already uses a custom set of commands to remove the private keys from `/etc/pacman.d/gnupg`, to ensure that containers can't be exploited by containing the same common private key. This command would be useful in general for people who want to create their own rootfs distributions, or who have potentially had their rootfs compromised and would like to generate a new keyring.

Ideally, users would be able to run a `pacman-key --wipe` command to perform this operation, meaning that a `pacman-key --init` would have to be run before packages can be installed. There could potentially also be a `pacman-key --rotate` operation which would combine these two operations.

A link to the relevant code in the docker repo (at the time of writing) be found here: https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/e8d7daa7900a9e7d571d7b7e5e16ad1b5c67839b/Makefile#L22

Ideally, this would just wipe out the keys and not remove any `gpg.conf` or `gpg-agent.conf` files already existing in the directory, as the linked version does.