Decouple privkey management from cert handling

[Abuelodelanada]

          In a separate issue, should we decouple privkey management from cert handling?

Originally posted by @sed-i in #66 (comment)

[lucabello]

@sed-i is the current implementation what you meant, or can you specify what this change is supposed to be?

[sed-i]

@lucabello, ideally I'm hoping for canonical/operator#1328.
In a sense, private key management has nothing to do with cert handling.