Handle unparsable public keys

Handle the case where a KeyMint implementation produced an invalid
X.509 certificate that is the container for the generated key's public
portion.

There's not much for the caller to do other than re-generate the key.

Bug: 261788762
Test: Not tested yet.
Change-Id: Ia883df4f5e29a7d75929d37a68b015e857b90560