Store cross-signing keys in keychain

Cross-signing keys are used only rarely, and the consequences are pretty bad if they are stolen. So, we should keep them somewhere safe.

On iOS, we can store these keys in the Keychain, and we can require biometric authentication in order to let the app read them again. See this Apple developer article for more info.