The primary imported key during setup still has to be OpenPGP.
But this will add an option to import a secondary S/MIME key in settings.
There should be a way to differentiate whether stored keys are OpenPGP or X.509 (in KeyInfo or whatever gets stored), and this needs to be done in a way that would not break upgrades. That means we could do a storage migration on upgrade, or we could design it carefully to be forward-compatible without a migration.
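A sketch of the no-migration option, added here as an illustration and not taken from the project's code: records written before the upgrade carry no type field and are read as OpenPGP, new records always store the type explicitly, and unrecognized values are kept rather than dropped. The names `StoredKey`, `LoadedKey`, `loadKey`, `storeKey` and `primaryKey`, the `type` field and the sample records are all hypothetical, and the sketch assumes every pre-upgrade record is an OpenPGP key.

```typescript
// Hypothetical record shapes; the real KeyInfo fields may differ.
type KeyType = 'openpgp' | 'x509';
interface StoredKey { id: string; armored: string; type?: string; }
interface LoadedKey { id: string; armored: string; type: KeyType | 'unknown'; }

// Read path: tolerate old records (no type) and records from a newer version.
function loadKey(rec: StoredKey): LoadedKey {
  let kind: KeyType | 'unknown';
  if (rec.type === undefined) {
    kind = 'openpgp'; // assumption: only OpenPGP keys existed before the upgrade
  } else if (rec.type === 'openpgp' || rec.type === 'x509') {
    kind = rec.type;
  } else {
    kind = 'unknown'; // keep the record, but never use it as a known format
  }
  return { id: rec.id, armored: rec.armored, type: kind };
}

function loadKeys(recs: StoredKey[]): LoadedKey[] {
  return recs.map(loadKey);
}

// Write path: always store the type explicitly from now on.
function storeKey(id: string, armored: string, type: KeyType): StoredKey {
  return { id, armored, type };
}

// The primary key has to be OpenPGP, so X.509 and unknown entries are skipped.
function primaryKey(keys: LoadedKey[]): LoadedKey | undefined {
  for (const k of keys) {
    if (k.type === 'openpgp') { return k; }
  }
  return undefined;
}

// Constructed sample storage contents (placeholders, not real key material).
const SAMPLE: StoredKey[] = [
  storeKey('smime-1', '<placeholder X.509 key>', 'x509'),
  { id: 'legacy-1', armored: '<placeholder OpenPGP key>' }, // pre-upgrade record
  { id: 'future-1', armored: '<placeholder>', type: 'some-later-format' },
];

function sampleTypes(): string {
  return loadKeys(SAMPLE).map(k => k.id + '=' + k.type).join(',');
}
```

Because the default is applied on read, nothing in storage has to be rewritten during the upgrade.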