It would be nice to use picotool for signing firmware images without exposing the private key. I imagine the following flow:

$ picotool seal -hash firmware.uf2 firmware.hashed.uf2
$ export HASH=`picotool info -h firmware.hashed.uf2` # add a -h flag to dump the hash, otherwise `picotool -m firmware.hashed.uf2|grep ...`
$ export SIGNATURE=... # Externally sign $HASH.
$ picotool seal -sign -signature "$SIGNATURE" -pubkey $PUBKEY firmware.hashed.uf2 firmware.signed.uf2

In other words, add support for an externally supplied public key and signature to picotool seal -sign, to convert a previously hashed image to a signed image by replacing its HASH_VALUE item with a SIGNATURE item. Optionally, add a picotool info -h for convenient dumping of a firmware image hash.
This is a generalization of #198.