Previously, because it's a CryptoService wrapper around a remote signer
service, it returned nil all the time. Now, because signing is done
via private key more than CryptoService, it has to return a PrivateKey.
The key doesn't have private bytes, but can be used for signing.
Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li