Just yesterday there was a thread here where a random user was accidentally added as admin for multiple GCP accounts, and he couldn't talk to a human at Google to get it resolved. He was neither actively looking out for it nor was he anything other than the average user.
OP is correct: PGP is a hassle, and it needs explicit knowledge to use it correctly.
Keybase somewhat solved it, then got unpopular, but thinking about it again, even Keybase never went mainstream.
While I wouldn't call it "mainstream", Keybase got a lot of computer-literate but not IT people into PGP, which hasn't really happened before. It had a good chance to go mainstream, but I guess this ending was inevitable since it was a for-profit company after all...
I understand that the average Joe isn't going to be using PGP. But the kind of folks who go looking for a security.txt file will be able to figure it out.