jpkg should be able to sign an existing module file

Sean Mullan sean.mullan at oracle.com
Fri Apr 22 13:04:53 PDT 2011


Currently, jpkg can create a signed module file from a module library, but it 
cannot take an existing module file and apply a signature to it. That's an 
important use case that is missing, and being able to separate these tasks is 
essential in situations where the signing needs to be done independently or by 
some other entity. For example, the signing key may reside on a different 
machine, or the signer may be in a different organization, etc.

In fact, I would like to make an argument that we should only support the latter 
case, that is, that jpkg --sign only applies to existing module files. In other 
words, signing a file is a 2-step process: first you run "jpkg ... 
<module_name>" to create the module file, then you run "jpkg --sign ... 
<module_file>" to apply a signature to it. This would also simplify the jpkg 
CLI, as there would be fewer options to parse when signing, and breaking them up 
into subcommands makes it easier to understand.

Comments?

--Sean



More information about the jigsaw-dev mailing list