Don't pass secrets via flags

Looking at `witness/golang/omniwitness/monolith/monolith.go`, we realized that it takes the private key material via flags. This is a security risk as anyone on the same machine could get this via `ps`.

We should swap this over to use env variables or a file, or something. And also review other main files to make sure there aren't others like this.