imgtool: fix --vector-to-sign usage

`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".

Signed-off-by: Fabio Utzig <utzig@apache.org>