opentf-ctl does not generate jwt tokens if the private key has a passphrase
Current situation
opentf-ctl can be used to generate jwt tokens (there is nothing special with the jwt tokens the orchestrator use, any jwt generator can be used), but if the private key has a passphrase, opentf-ctl does not know how to handle it.
Desired outcome
If the private key has a passphrase, ask for it (passing it on the command line is not a good idea