GNOME Keyring Daemon should be locked upon suspension and hibernation
As per Security FAQ, GNOME Keyring Daemon (GKD) should be locked upon suspension and hibernation. I don't think this is happening currently. From my side, I would add that wrapping a GKD process with
systemd-inhibit --what=shutdown:sleep:idle:handle-power-key:handle-suspend-key:handle-hibernate-key ... gnome-keyring-daemon ... if
systemd-inhibit is available on a system is a good way to both prevent and document this.