Replace OTA sideload verification key when signing A/B devices.

The update-payload-key is used by update_engine_sideload from recovery
to verify an update payload.

Bug: 27178350

(cherry picked from commit b3e8ce6d)

Change-Id: Iac239732251e550e9966bf284b68bc9d578f22ff