Closed by n-dusan 1 month ago
This was the case in older versions of taf. We currently ask the user to insert a YubiKey and error out if they do not do so:

```
taf metadata update-expiration-dates --role snapshot
YubiKey not inserted
Sign snapshot using YubiKey(s)? [y/N]: n
Error: could not update expiration date: Cannot load keys of role snapshot
```
However, if you run the same command with the `--prompt-for-keys` option, you will be asked if you want to manually enter a key:

```
taf metadata update-expiration-dates --role snapshot --prompt-for-keys
YubiKey not inserted
Sign snapshot using YubiKey(s)? [y/N]: n
Manually enter snapshot key? [y/N]: y
Enter snapshot private key without its header and footer
```

If there is a CLI command that does not follow this pattern, or if there are any more specific requirements, let's reopen the issue.

We currently prompt the user to paste in their private keys when a `--keystore` flag is missing, but keystore was not auto-detected. We don't seem to actually use that functionality of passing in a key through the prompt. What we instead should do is error out if keystore is missing/not auto-detected.
What we do end up losing is the ability to paste in an arbitrary private key. Is that important to resolve? Could it happen that there are multiple keystores that need to be read from?