Blockstream / blind_pin_server

MIT License

Refuse to start when `server_private_key.key` is invalid #22

Closed RCasatta closed 11 months ago

RCasatta commented 1 year ago

It looks like providing a 0-byte `server_private_key.key` causes the pin server to skip creating a random key and use the provided one; however, 0 bytes are not enough entropy :)

I think that when the file is shorter than 16 bytes it should refuse to start.

jgriffiths commented 1 year ago

Not only that: it should verify that the private key is valid, à la `wally_ec_private_key_verify`.

JamieDriver commented 1 year ago

Yes, at the moment the key isn't loaded (and checked with `ec_private_key_verify()`, as suggested) until it is used, i.e. when the first call comes in.
And yes, the server spits out an error 500 (internal error) but otherwise continues running.

Agree, it would be friendlier to check that at startup and refuse to run if it's only going to error every request anyway! Cheers guys.
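The startup check the thread converges on, as an added illustration that is not code from blind_pin_server or its maintainers. It assumes the key file is a raw 32-byte secp256k1 private key and re-implements in pure Python the property `wally_ec_private_key_verify` checks (a 32-byte big-endian scalar in the range 1 .. n-1, where n is the secp256k1 group order); the real server would call the wallycore function instead. The "generate a fresh key when the file is absent" branch mirrors the behaviour described in the issue but is an assumption about the project, as are the function names. The point of the example is that an empty, truncated, all-zero or out-of-range key aborts the process before it serves anything, rather than surfacing as a 500 on every request:

```python
"""Startup validation for server_private_key.key (added example, not project code)."""
import os
import sys
from pathlib import Path
from typing import Optional

# secp256k1 group order n: a valid private key is an integer in [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
KEY_LEN = 32  # raw secp256k1 private key length in bytes


class InvalidServerKey(Exception):
    """Raised when server_private_key.key exists but is unusable."""


def key_problem(key: bytes) -> Optional[str]:
    """Return None if `key` is a valid secp256k1 private key, else a reason.

    This is the pure-Python equivalent of what wally_ec_private_key_verify
    enforces (assumption: exact length and scalar range), so a 0-byte file,
    a truncated file, an all-zero key and a key >= n are all rejected.
    """
    if len(key) != KEY_LEN:
        return f"expected {KEY_LEN} bytes, got {len(key)}"
    scalar = int.from_bytes(key, "big")
    if scalar == 0:
        return "key is zero"
    if scalar >= SECP256K1_N:
        return "key is not below the secp256k1 group order"
    return None


def validate_private_key(key: bytes) -> None:
    """Raise InvalidServerKey instead of returning a reason string."""
    problem = key_problem(key)
    if problem is not None:
        raise InvalidServerKey(problem)


def generate_private_key() -> bytes:
    """Draw 32 random bytes from the OS CSPRNG; retry on the (astronomically
    unlikely) chance the draw is 0 or >= n."""
    while True:
        candidate = os.urandom(KEY_LEN)
        if key_problem(candidate) is None:
            return candidate


def startup_key_from_file_contents(contents: Optional[bytes]) -> bytes:
    """Decide the server key from the raw file contents at startup.

    None models "file does not exist" (assumption: a fresh key is generated,
    as the issue describes). Any present contents must validate, otherwise
    we refuse to start by raising; the caller never sees a bad key.
    """
    if contents is None:
        return generate_private_key()
    validate_private_key(contents)  # empty file lands here and is rejected
    return contents


def load_server_private_key(path: str = "server_private_key.key") -> bytes:
    """Read (or create) the key file and validate it before serving."""
    p = Path(path)
    contents = p.read_bytes() if p.exists() else None
    key = startup_key_from_file_contents(contents)
    if contents is None:
        p.write_bytes(key)  # persist the freshly generated key
    return key


if __name__ == "__main__":
    # Usage: python check_key.py [path]; a non-zero exit refuses startup.
    target = sys.argv[1] if len(sys.argv) > 1 else "server_private_key.key"
    try:
        load_server_private_key(target)
    except InvalidServerKey as exc:
        print(f"refusing to start: {target}: {exc}", file=sys.stderr)
        sys.exit(1)
    print(f"{target}: key OK")
```

Run at process start, this turns the per-request 500 described above into a single fatal error with a reason, and it also rejects the 16-to-31-byte files that a bare "shorter than 16 bytes" length check would let through.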