Keep a reference to the key to certify

This prevents the invalidation of the key if the key cache is refreshed
while the command is running (which happens if one does Set Owner Trust
for an untrusted certification key). The key cache invalidates the
persistent indexes which Command uses to store the selected key(s) if
the command was triggered from the certificate list.

This should be fixed directly in Command, but we are close to a release,
so that we want to keep the impact of the fix as small as possible.

GnuPG-bug-id: 6154