ore: refactor SSH key handling logic

[andrioni]

Refactor SSH key handling logic with focus on testing and ensuring all memory used for storing private keys is properly zeroed out after use. Custom SerDe logic was added to ensure the serialization format remains unchanged, allowing for the safer in-memory representation to be independent of the secret store logic.

mzcompose tests coming in a separate PR.

Motivation

• This PR refactors existing code, following comments on #14197.

Checklist

• [x] This PR has adequate test coverage / QA involvement has been duly considered.
• [ ] This PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way) and therefore is tagged with a T-protobuf label.
• [ ] This PR includes the following user-facing behavior changes:
  • N/A