fix (at_onboarding_cli): write keys before deleting cram secret

[XavierChanth]

Reason: Keys must be written before deleting the cram secret, otherwise the atServer must be reset to continue.

The decision here has an impact on a change to atServer that @gkc will be making:
If there is an approved firstApp enrollment, and the cram secret is still in place, then new firstApp enrollments will replace the existing one. (Currently they are denied)

• We can either prefer immediately before deleting cram secret
  • I think this is preferred once the above atServer change is made, as if there is a failure, in one of the operations, the keys will not be overridden and the re-running the cli will be able to self-recover
• Or we can do it immediately before deleting the cram secret
  • Preferred without the atServer change, because it can be manually recovered, but not automatically recovered by re-running the cli.

[XavierChanth]

Going to hold off on this change until C version's done, aiming to get a release out ASAP

[gkc]

Will complete in PR 106. Changed priority to P1 as encountering this failure would be very annoying as well as driving operations load.