Check for existence of private key before generating OTA

At the end of OTA generation, we will use some private key to sign the
OTA payload. Since signing happens after the payload is being generated,
if caller passes an incorrect key path, caller won't notice it until 1
hour later when delta_generator finishes. At which point caller has to
staart from scratch, pass in another key path, and wait for an hour.
Let's detect incorrect key path before calling delta_generator, so
caller will get an error message right at beginning.

Test: th
Change-Id: Iefb1e0a9ed86f82664be1675afb84c020ec28fe7