Remove paramiko dependency

In Liberty, key pair creation (previously done via ssh-keygen) was replaced with paramiko library calls. While paramiko was listed as a dependency in Liberty, it wasn't actually used until that commit.

  Replace ssh exec calls with paramiko lib
  https://review.openstack.org/#/c/157931/

The above commit was unintentionally backwards incompatible. Specifically, it changed the SSH key ASN.1 encoding from DER to BER. Apparently golang doesn't support BER, meaning tools like Terraform no longer work with OpenStack.

  ssh-keygen-to-Paramiko change breaks third-party tools
  https://bugs.launchpad.net/nova/+bug/1483132

This has since been fixed in paramiko 2.0, but that major version bump doesn't make it into Nova until Newton, meaning these third-party tools are unusable for Liberty & Mitaka in the mean time.

   stable/liberty: paramiko>=1.13.0
   upper-constraints: paramiko===1.16.0

   stable/mitaka: paramiko>=1.16.0
   upper-constraints: paramiko===1.16.0

   master (newton): paramiko>=2.0
   upper-constraints: paramiko===2.0.2

The bump to paramiko 2.0 was a big change, complete with a huge red warning in the changelog (which I suspect makes a backport that bumps the paramiko version to 2.0+ unrealistic for Liberty & Mitaka).

  http://www.paramiko.org/changelog.html
  http://bitprophet.org/blog/2016/04/23/paramiko-2.0-is-coming/

The switch to paramiko also introduced a number of Nova regressions along the way.

  Tolerate installation of pycryptodome
  https://review.openstack.org/#/c/279909/

  crypto: Add support for Paramiko 2.x
  https://review.openstack.org/#/c/314592/

  Drop paramiko < 2 compat code
  https://review.openstack.org/#/c/314639/

All this, coupled with the known security implications of using the older paramiko versions, makes me think that perhaps we should just go back to using ssh-keygen.

Ideally, I'd like to backport this change all the way down to stable/liberty.