Switch to crypto/ssh for parsing of private keys

This changes the logic for the parsing of private keys, as already
done for the source-controller, so that it is able to recognize and
work with a wider range of key formats instead of returning a vague
error:

```console
$ flux bootstrap git [..]
✗ ssh: this private key is passphrase protected
```

A patch for this was already submitted and merged in `go-git/go-git`,
but is not made available in a release yet:
https://github.com/go-git/go-git/pull/298

Signed-off-by: Hidde Beydals <hello@hidde.co>

cmd/flux/bootstrap_git.go

@@ -30,6 +30,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+	cryptossh "golang.org/x/crypto/ssh"
 	corev1 "k8s.io/api/core/v1"
 
 	"github.com/fluxcd/flux2/internal/bootstrap"
@@ -232,7 +233,20 @@ func transportForURL(u *url.URL) (transport.AuthMethod, error) {
 		}, nil
 	case "ssh":
 		if bootstrapArgs.privateKeyFile != "" {
-			return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, gitArgs.password)
+			// TODO(hidde): replace custom logic with https://github.com/go-git/go-git/pull/298
+			//  once made available in go-git release.
+			bytes, err := ioutil.ReadFile(bootstrapArgs.privateKeyFile)
+			if err != nil {
+				return nil, err
+			}
+			signer, err := cryptossh.ParsePrivateKey(bytes)
+			if _, ok := err.(*cryptossh.PassphraseMissingError); ok {
+				signer, err = cryptossh.ParsePrivateKeyWithPassphrase(bytes, []byte(gitArgs.password))
+			}
+			if err != nil {
+				return nil, err
+			}
+			return &ssh.PublicKeys{Signer: signer, User: u.User.Username()}, nil
 		}
 		return nil, nil
 	default: