The signing step (espsecure sign-data) derives the signature block type
from the key file itself, so selecting e.g. the RSA app signing scheme
with an ECDSA signing key produced a successfully built image that only
failed signature verification at boot.
Check the key at configure time and fail with a clear error when:
- the key family (RSA vs ECDSA) does not match the selected app signing
scheme
- the ECDSA curve does not match the selected ECDSA key size for the
ECDSA (V1/V2) schemes
- the key cannot be parsed as an unencrypted PEM private key