.Pfx passwords should be prompted and taken in as a secure string.

Currently `CoseSignTool.exe sign` supports signing with password protected .pfx certificates with the `/Password` argument. The user should be prompted for the password at runtime so we can consume it as a secure string.