That led me to a lot of hits on Google, things about private keys that I have never bothered to really understand, but the main point is that OpenSSL changed the format of their private keys “recently” and many SSH libraries don’t play well with the new format yet. References:
ssh-keygen was able to downgrade the format without changing the actual private or public keys themselves (very handy if you don’t want to break your authentication to a lot of sites) with this command:
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa # where rsa may instead be dsa, ed25519, etc. based on what key type you have
So, a) I hope this helps someone who wants to get SFTP working and b) I hope the Publii maintainers can upgrade the SSH library in a future version.