Private keys and passwords don't belong in Ansible

roles/sigsum_agent/defaults/main.yml contains (commented out) examples of how to configure sigsum_agent_soft_key and sigsum_agent_yubihsm_passphrase, both using clear text secrets.

We should not assume that the user knows that this is bad practice.