Disallow encrypting to ssh-rsa keys smaller than 2048 bits

[FiloSottile]

I think using the ssh-rsa support with small keys is the only non-plugin way to end up encrypting with a weak algorithm.

No reason we should allow that. I've updated the spec accordingly.

/cc @str4d