Use putenv() rather than setenv().
Most environment handling implementations aren't thread-safe and can
lead to crashes do to an invalid pointer reference. The putenv()
function instead uses a variable provided by the application and
getenv() references this variable rather than a pointer (in glibc at
least).
Using putenv() still has the problem of the possibility of the variable
being accessed by one thread while being modified by another (incomplete
copy of a value to the variable), but this is less likely than the
invalid pointer reference problem.
A proper fix would be to set the pinentry environment for each gpgme
context but that is not possible without a minor gpgme change that
requires major gpgme API version bump.
Also unset DISPLAY, GPG_TTY and TERM before pwmd fork()'s.