Geli has a special parameter iterations that specifies how many times
a passphrase should be strengthened. The special value -1 indicates
that no passphrase was provided. When this value is set, we can skip
asking for a passphrase during boot because it's known to be unused.
However, the situation becomes more complicated because we have two
slots for keys. In one slot, a keyfile may be used, and in the other,
a passphrase. In such cases, iterations will be set, and
the bootloader will prompt for a passphrase. Another scenario is when
a passphrase is removed from a slot, the iterations are not updated to
-1, because geli doesn't know what method was used in the other slot.
This is why this commit adds a test for the keyfile during boot.
If iterations is not set to -1 and a keyfile is used, the system
tests the keyfile alone before attempting to combine it with a passphrase.
This enables us to employ two methods: one using a keyfile and
the other a passphrase. The keyfile is stored on a memory stick
and loaded during boot. We use the passphrase as a backup in case
the keyfile is lost. After this change, when we insert the memory
stick, we won't be asked for the passphrase, allowing the machine
to boot without keyboard interaction.