Improve error handling and diagnostic feedback in the demo script #10

Open
paulhowardarm opened this issue Oct 27, 2022 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@paulhowardarm
Contributor

Summary

Based on some experiences with hello-parsec in the demo field, we could do with improving how the demo script handles some commonly-occurring failing cases. At the moment, errors are only really handled at the ping stage, which produces a proper error message and a reasonable chunk of troubleshooting/diagnostic feedback. But from that point on, the script is basically optimistic and does no real error handling at all.

Requirements

  • Add a failure check to the create-rsa-key command, which creates the key pair for the demo. If this command fails, we need to abort the script and report the error, because otherwise the following commands will fail with obscure "resource not found" errors (because the key was not created). A troubleshooting message at this stage should tell the user to double-check the Parsec service configuration, in particular making sure that hardware configuration details (such as PKCS#11 libraries, slot numbers, slot PIN values, TPM auth values) have all been supplied as needed.
  • Add a failure check to the encrypt command, which currently just pipes its output straight to decrypt. Again, if this fails it results in a confusing error message about a missing argument, which doesn't help the user. If encrypt fails, the script should abort. A useful troubleshooting hint here would be to say that the PKCS11 back-end might require the software_public_operations config flag to be set, because encrypt is an operation on the public key, which some PKCS11 tokens don't support.

Testing

This should be tested with a hardware back-end, because it would be very rare to encounter these failures using just the software back-end. Try using a PKCS11 token such as the NitroKey. Failing to provide a slot PIN in config.toml would be a good test, as would failing to enable software_public_operations.

@paulhowardarm paulhowardarm added enhancement New feature or request good first issue Good for newcomers labels Oct 27, 2022
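The two failure checks requested in the issue, sketched as an added example (not the project's demo script and not code from the issue author). `TOOL`, `KEY`, `FAIL_AT`, the `fake_tool` stub and the argument layout passed to the tool are assumptions made so the sketch runs offline; the stub uses ROT13 in place of real RSA operations.

```shell
#!/bin/sh
# TOOL (assumed name): command that runs the Parsec CLI. Defaults to a constructed stub.
TOOL="${TOOL:-fake_tool}"
KEY="${KEY:-demo_key}"

# Constructed stand-in for the CLI: ROT13 instead of RSA, fails the subcommand named in FAIL_AT.
fake_tool() {
  if [ "$1" = "${FAIL_AT:-}" ]; then echo "stub: $1 failed" >&2; return 1; fi
  case "$1" in
    create-rsa-key) : ;;
    encrypt|decrypt) printf '%s' "$4" | tr 'A-Za-z' 'N-ZA-Mn-za-m' ;;
  esac
}

# Report the error and a troubleshooting hint on stderr.
report() {
  echo "ERROR: $1" >&2
  echo "HINT:  $2" >&2
}

# Requirement 1: abort if the key pair was not created, so later steps
# never run and fail with "resource not found".
create_key_checked() {
  "$TOOL" create-rsa-key --key-name "$KEY" || {
    report "create-rsa-key failed; aborting." \
      "Check the Parsec service configuration: PKCS#11 library, slot number, slot PIN, TPM auth value."
    return 2
  }
}

# Requirement 2: capture the output of encrypt and check its status before
# decrypt runs. In a plain pipe the exit status of encrypt is lost and
# decrypt is started with a missing argument.
roundtrip_checked() {
  ciphertext=$("$TOOL" encrypt --key-name "$KEY" "$1") && [ -n "$ciphertext" ] || {
    report "encrypt failed; aborting." \
      "The PKCS11 back-end might require software_public_operations to be set, because encrypt is a public-key operation."
    return 3
  }
  "$TOOL" decrypt --key-name "$KEY" "$ciphertext"
}

run_demo() { create_key_checked && roundtrip_checked "$1"; }
```

Distinct exit codes (2 for key creation, 3 for encrypt) let a wrapper or CI job tell the two failure cases apart without parsing stderr.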