CCDB encryption key rotation

[f0rmiga]

Description

Adds the rotate-cc-database-key errand with a mechanism for rotating the CCDB encryption key.

Resolves #203.

Motivation and Context

CF allows rotating the CCDB encryption key. This PR introduces a mechanism for doing it with kubecf using Helm.

How Has This Been Tested?

1. Deployed kubecf with:

ccdb:
  encryption:
    rotation:
      # Key labels must be < 256 characters long.
      key_labels:
      - encryption_key_0
      current_key_label: encryption_key_0

2. Ran smoke-tests.
3. Updated kubecf with:

ccdb:
  encryption:
    rotation:
      # Key labels must be < 256 characters long.
      key_labels:
      - encryption_key_0
      - encryption_key_1
      current_key_label: encryption_key_1

4. Checked the new encryption key was correctly generated and interpolated in the new desired manifest created by cf-operator.
5. Ran the rotate-cc-database-key errand as instructed in the documentation introduced in this very same PR.
6. Checked the output of the errand saying that the old values encrypted with the previous encryption key where updated.
7. Ran smoke-tests again.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code has security implications.
• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.

[mook-as]

Generally fine, just some fairly trivial comments.

[mook-as]

Thanks for the changes!