Behavior change: --trust option no longer overrides trust

Since that can lead to data loss, which should never be enabled by an
option other than --force.

I suppose that using --trust was in some situation, safer than --force,
because it doesn't entirely disable checking for data loss, but only
disables checking involving data that is on the specified repository.
But it seems better to be able to say that data loss only happens with
--force.

This commit was sponsored by Graham Spencer on Patreon.

doc/git-annex.mdwn

@@ -797,7 +797,6 @@ may not be explicitly listed on their individual man pages.
   Also, note that if the time limit prevents git-annex from doing all it
   was asked to, it will exit with a special code, 101.
 
-* `--trust=repository`
 * `--semitrust=repository`
 * `--untrust=repository`
 
@@ -806,6 +805,12 @@ may not be explicitly listed on their individual man pages.
   The repository should be specified using the name of a configured remote,
   or the UUID or description of a repository.
 
+* `--trust=repository`
+
+  This used to override trust settings for a repository, but now will
+  not do so, because trusting a repository can lead to data loss,
+  and data loss is now only enabled when using the `--force` option.
+
 * `--trust-glacier`
 
   Amazon Glacier inventories take hours to retrieve, and may not represent

doc/trust.mdwn

@@ -44,10 +44,6 @@ information for a repository. For example, it may be an offline
 archival drive, from which you rarely or never remove content. Deciding
 when it makes sense to trust the tracking info is up to you.
 
-One way to handle this is just to use `--force` when a command cannot
-access a remote you trust. Or to use `--trust` to specify a repository to
-trust temporarily.
-
 To configure a repository as fully and permanently trusted,
 use the [[git-annex-trust]] command.