Is your feature request related to a specific problem?
When doing some testing on deployed instances, we put the server into a state where it was throwing 500s when trying to retrieve all DSR policies (GET /api/v1/dsr/policy) or when specifically trying to GET the default_erasure_policy. We were able to reproduce similar behavior locally when intentionally changing the fides.security.app_encryption_key config property and restarting the application (being sure not to clear the database).
Although changing app encryption keys is not a straightforward feature to support, and certainly not a standard workflow, we should at a minimum report this error more clearly - previously, we'd seen only a small InvalidCiphertextError in the logs on server spin up.
#1842 has helped here - when I've reproduced the problem on current main, I do get some more information on the 500s as they're returned. But I think there's still some room for improvement on the error handling on server startup, to try to warn people specifically about a key change, before they get too far. Additionally, I wonder if we should look to enhance our documentation to make it clear that the app encryption key cannot easily change without resetting the DB, and perhaps a follow-up issue to outline a key rotation process, in cases where that's necessary?
Describe the solution you'd like
clear error message on server bootup that indicates the issues decrypting and to look at the app_encryption_key
update docs to warn against any changes to the app_encryption_key config property (?)
follow-up issue to test and document a process for properly rotating an app_encryption_key (?)
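A sketch of the startup check requested above, added here as an example and not taken from the Fides code base. It assumes a key check value (an HMAC of a fixed label under the configured key) is stored in the database on first boot; the table name, label, exception class and sample keys are hypothetical, and an in-memory SQLite database stands in for the persistent application database.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical label and table name; not taken from the Fides code base.
KCV_LABEL = b"app_encryption_key check value v1"


class EncryptionKeyMismatchError(RuntimeError):
    """Configured key differs from the key that encrypted the existing data."""


def key_check_value(app_encryption_key: str) -> str:
    # HMAC over a fixed label: identifies the key without revealing it.
    return hmac.new(app_encryption_key.encode(), KCV_LABEL, hashlib.sha256).hexdigest()


def verify_key_on_startup(db: sqlite3.Connection, app_encryption_key: str) -> str:
    """Return "initialized" on first boot, "verified" on match, raise on mismatch."""
    db.execute("CREATE TABLE IF NOT EXISTS key_check (id INTEGER PRIMARY KEY CHECK (id = 1), kcv TEXT NOT NULL)")
    current = key_check_value(app_encryption_key)
    row = db.execute("SELECT kcv FROM key_check WHERE id = 1").fetchone()
    if row is None:
        # Fresh database: record which key this data will be encrypted with.
        db.execute("INSERT INTO key_check (id, kcv) VALUES (1, ?)", (current,))
        db.commit()
        return "initialized"
    if not hmac.compare_digest(row[0], current):
        raise EncryptionKeyMismatchError(
            "fides.security.app_encryption_key does not match the key used to "
            "encrypt existing database records; restore the previous key or "
            "reset the database before starting the server."
        )
    return "verified"


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # stands in for the persistent app database
    print(verify_key_on_startup(db, "constructed-key-A"))  # first boot
    print(verify_key_on_startup(db, "constructed-key-A"))  # restart, same key
    try:
        verify_key_on_startup(db, "constructed-key-B")  # restart, changed key
    except EncryptionKeyMismatchError as exc:
        print(f"startup aborted: {exc}")
```

Running the check before any request handler touches encrypted columns turns the late `InvalidCiphertextError` into a startup failure that names the config property.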