Fix an off-by-one in dsa_check_key()

Fix an off-by-one in dsa_check_key()

The private key is a random number in [1, q-1], so 1 must be allowed.
Since q is at least an 160-bit prime and 2^159 + 1 is not prime (159
is not a power of 2), the probability that this is hit is < 2^-159,
but a tiny little bit wrong is still wrong.

Found while investigating a report by bluhm
ok jsing