If signing the image (using either --sign-by or --sign-by-sigstore-private-key), read the passphrase to use from the specified path.