Add support for encrypted PEM file

[0xDRRB]

It is possible to protect your PEM file with AES encryption and a password, with something like:

openssl ec -in keys.pem -out keys_encrypted.pem -aes256

but picotool does not have a mechanism for requesting the password and decrypting the file when the firmware is being signed:

ERROR: Failed to read key file /some/path/keys_encrypted.pem, error PK - Private key password can't be empty

It might be worth adding this level of protection. What do you think?