Check permissions and location of private key file

We want to enforce that the private key is not world-readable.  We also want it on a local filesystem so that if the network goes away the backup can be shut down sane-ish-ly.