opentf-ctl does not generate jwt tokens if the private key has a passphrase

Current situation

opentf-ctl can be used to generate jwt tokens (there is nothing special with the jwt tokens the orchestrator use, any jwt generator can be used), but if the private key has a passphrase, opentf-ctl does not know how to handle it.

Desired outcome

If the private key has a passphrase, ask for it (passing it on the command line is not a good idea 😄