Document two systemd-repart options in man page

Note --private-key and --certificate options for configuring
verity signature partitions in the listing of options.

Adjust one error message referring to the --certificate option.

man/systemd-repart.xml

@@ -312,6 +312,22 @@
         later setup step.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>--private-key=</option></term>
+
+        <listitem><para>Takes a file system path. Configures the signing key to use when creating verity
+        signature partitions with the <varname>Verity=signature</varname> setting in partition files.
+        </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--certificate=</option></term>
+
+        <listitem><para>Takes a file system path. Configures the PEM encoded X.509 certificate to use when
+        creating verity signature partitions with the <varname>Verity=signature</varname> setting in
+        partition files.</para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>--tpm2-device=</option></term>
         <term><option>--tpm2-pcrs=</option></term>

src/partition/repart.c

@@ -1580,7 +1580,7 @@ static int partition_read_definition(Partition *p, const char *path, const char
 
         if (p->verity == VERITY_SIG && !arg_certificate)
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
-                                  "Verity signature partition requested but no PEM certificate provided (--certificate-file=)");
+                                  "Verity signature partition requested but no PEM certificate provided (--certificate=)");
 
         if (p->verity == VERITY_SIG && (p->size_min != UINT64_MAX || p->size_max != UINT64_MAX))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),