WIP

[bcmyers]

This PR is just a WIP at the moment. I'm playing around with a bunch of things and will eventually deconstruct this into several smaller, individual commits. For the moment though, I've been thinking about a couple of improvement ideas:

• There are a couple of places where you can allocate less (minor)
• You should consider "zeroizing" all the bytes of secrets (this WIP does that I think)
• You should consider making this into a library as well as a binary (mostly this means not assuming you will always be writing to / reading from files and/or stdin) (this WIP starts doing that)
• Finally, you might want to "version" your algorithm. i.e. add a byte somewhere in the output that indicates that this is version 1 so that you can change it later. The current version, for example, assumes 32 "quorum_id" bytes at the end of the PEM contents for the secret key. Maybe you want to change that later. Adding a versioning mechanism will allow you to do that but still support keys that were made with older versions. (this WIP hasn't done anything for versioning yet)