Validate gpgconf binary on object destructor

Fixes potential of using the Crypt_GPG_Engine class to execute remote code
by injecting an incomplete object with $_gpgconf property into a session.

Author: alecpl

Crypt/GPG/Engine.php

@@ -1831,7 +1831,8 @@ private function _closePipe($pipeNumber)
      */
     private function _closeIdleAgents()
     {
-        if ($this->_gpgconf) {
+        // Note: We check that this binary is executable again for security reasons
+        if ($this->_gpgconf && is_executable($this->_gpgconf)) {
             // before 2.1.13 --homedir wasn't supported, use env variable
             $env = ['GNUPGHOME' => $this->_homedir];
             $cmd = $this->_gpgconf . ' --kill gpg-agent';