configs: enable pcscd and install helpers in root profile

configs/airgap/airootfs/etc/systemd/system/multi-user.target.wants/pcscd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/pcscd.service

configs/airgap/airootfs/root/.bash_profile

@@ -0,0 +1,53 @@
+help() {
+cat <<EOF
+
+Airgap Arch Linux with Keyfork is best used with a removable SD card to store
+shard files and other persistent media. After inserting an SD card, run:
+
+  # discover-and-mount-sdcard
+
+Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
+where M is the minimum amount of users required to recreate the secret and N is
+is the total amount of shardholders. An additional value, K, will be used to
+denote the amount of smartcards (i.e., backups) to provision per shardholder.
+
+  # keyfork wizard generate-shard-secret --threshold \$M --max \$N
+    --keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
+
+The Keyfork server can be started using a Shard-secred secret locally, if all
+shardholders are present, or using a QR-based remote recovery. The shard file
+does not have to be present for remote recovery.
+
+  # keyfork recover shard /media/mmcblk0p1/shards.pgp
+
+Or
+
+  # keyfork recover remote-shard
+
+Keyfork shards can be transported to a system performing the \`remote-shard\`
+operation by running:
+
+  # keyfork shard transport /media/mmcblk0p1/shards.pgp
+
+For more information, run:
+
+  # keyfork help
+
+EOF
+}
+
+discover-and-mount-sdcard() {
+  MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
+
+  lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
+    echo "Automatically mounting /dev/$partition to /media/$partition"
+    mkdir -p "/media/$partition"
+    umount "/media/$partition" 2>/dev/null
+    mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
+    find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
+      echo "Found potential shardfile: $file"
+    done
+  done
+}
+
+help