Ensure file doesn't exist when doing initial key rotation

[doanac]

This is an edge case, but its an easy fix to save someone a little pain:

I'm in multiple factories (uncommon but possible) say "foo" and "bar". fioctl was configured with "foo" as my default factory. I wanted to get my root keys for bar and ran:

 fioctl keys rotate-root --initial keys.tgz

I noticed that my bar root.json didn't change and realized I'd mistakenly changed "foo". Then without giving much thought I hit the up arrow in my terminal and added -f bar which ran:

 fioctl keys rotate-root --initial keys.tgz --factory bar

At this point I'd fixed bar but overwrote the keys for foo. That root key is now lost forever. We can add a simple fix here:

fioctl/subcommands/keys/rotate_root.go

Line 51 in eabc41c

key, err := api.TufRootFirstKey(factory)

to ensure the destination doesn't exist.

Note - this only matters for initial rotations. After that we'd fail to rotate keys if the user pointed at the wrong .tgz.