Detect and prompt for passwords on SSH private keys, then strip them

Summary:
Fixes T4356. Currently, if users add a passworded private key to the Passphrase application, we never ask for the password and can not use it later. This makes several changes:

• Prompt for the password.
• Detect passworded private keys, and don't accept them until we can decrypt them.
• Try to decrypt passworded private keys, and tell the user if the password is missing or incorrect.
• Stop further creation of path-based private keys, which are really just for compatibility. We can't do anything reasonable about passwords with these, since users can change the files.

Test Plan: Created a private key with a password, was prompted to provide it, tried empty/bad passwords, provided the correct password and had the key decrypted for use.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4356

Differential Revision: https://secure.phabricator.com/D8102