Allow safe usage of query

To allow secure usage of query and search the parameters are
no longer parsed as value but instead of positional arguments.

This allows us to register "kleoptra --query -- $1" as an
URL handler for openpgp4fpr: without the risk of command
line injection through an unsescaped query string.

Similarly the double dash should be used for file handling
to avoid command line injection through filenames.