Context and scope
This started from a discussion centred around hardening the security of ICM signatures here (the discussion digresses a bit).
What we want is to enable the use of an external signer. The first step is to completely abstract BLS signing such that a signing service can be injected.
Discussion and alternatives
I think this should probably happen inside the bls util package in a way that encapsulates the private/secret-key with a "signing service". All current instances of use of secret keys should be replaced with a LocalBLSSigningService.
After combing through the code, it looks like the following files use a bls.SecretKey:
chains/manager.go
vms/platformvm/warp/signer.go
node/config.go
vms/platformvm/signer/proof_of_possession.go
network/peer/ip.go
network/peer/ip_signer.go
network/config.go
config/config.go
node/node.go
(it looks like this last file just copies from one config to the other)
Each config should be replaced with a SignerService interface.
Open questions
Am I missing any usage of BLS keys?
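A sketch of the abstraction proposed above, added here as an example and not taken from the project's code. All names (Signer, NewLocalSigner, unavailableSigner, Config, SignIP, Verify) are hypothetical, Ed25519 from the Go standard library stands in for BLS, and the IP string is constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer (hypothetical name): callers can sign and read the public key, never the secret key.
type Signer interface {
	Sign(msg []byte) ([]byte, error)
	PublicKey() []byte
}

// localSigner keeps the key in process, in an unexported field.
// Assumption: Ed25519 stands in for BLS so only the standard library is needed.
type localSigner struct{ sk ed25519.PrivateKey }

func NewLocalSigner() (Signer, error) {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &localSigner{sk: sk}, nil
}
func (s *localSigner) Sign(msg []byte) ([]byte, error) { return ed25519.Sign(s.sk, msg), nil }
func (s *localSigner) PublicKey() []byte               { return s.sk.Public().(ed25519.PublicKey) }

// unavailableSigner models an external signer that cannot be reached: Sign can now fail.
type unavailableSigner struct{ pk []byte }

func (u unavailableSigner) Sign([]byte) ([]byte, error) { return nil, errors.New("signer unavailable") }
func (u unavailableSigner) PublicKey() []byte           { return u.pk }

// Config carries the injected Signer in the place a secret key would otherwise occupy.
type Config struct{ Signer Signer }

// SignIP is a hypothetical consumer; it depends only on the interface.
func SignIP(cfg Config, ip string) ([]byte, error) { return cfg.Signer.Sign([]byte(ip)) }

func Verify(pk, msg, sig []byte) bool { return len(pk) == ed25519.PublicKeySize && ed25519.Verify(pk, msg, sig) }

func main() {
	s, err := NewLocalSigner()
	if err != nil {
		panic(err)
	}
	sig, err := SignIP(Config{Signer: s}, "192.0.2.10:9651") // constructed sample input
	fmt.Println(err == nil && Verify(s.PublicKey(), []byte("192.0.2.10:9651"), sig))
}
```

Because Sign returns an error, every call site that used an in-memory key has to gain an error path once the signer may live outside the process.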