
Default to automatically using v2 encryption policies when available #182

Closed
ebiggers opened this issue Jan 23, 2020 · 2 comments
ebiggers commented Jan 23, 2020

#148 added support for v2 encryption policies, which have various security and usability advantages, including solving #128, #116, and #118. They require kernel v5.4 or later. But due to the kernel prerequisite, currently the user has to set "policy_version": "2" in /etc/fscrypt.conf. We should make it so that /etc/fscrypt.conf can contain "policy_version": "auto", where this means that fscrypt will use the best policy version that is available on the current kernel; and we should put this in the default /etc/fscrypt.conf generated by fscrypt setup.

@josephlr (Member)

Would it work to just set "policy_version": "2" when the user runs fscrypt setup if their kernel supports v2 encryption? That way we don't need an auto flag. The only "downside" would be that a user on a pre-5.4 kernel updating to a 5.4 (or later) kernel would not automatically start using v2 policies.

Would we want this automatic upgrade behavior? Would it be better to just say "if you want to use new policies, run fscrypt setup again"?

@Maryse47

@josephlr another downside would be that if a user runs fscrypt setup first on kernel 5.4+ and then switches to an older kernel, it will result in a broken config. auto doesn't have such downsides. As v1 has security and usability issues, no one really should use it if possible, and automation instead of manual action will achieve this goal better.
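To make the two proposals concrete, here is an added example (not fscrypt's own code) of how "policy_version": "auto" can be resolved against the running kernel, and how the "config written on 5.4+, booted on an older kernel" case from the comment above surfaces as an error when the value is pinned to "2" instead. The Config struct, the function names and the kernel release parsing are assumptions for this example; the kernel 5.4 threshold is the one stated in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Config is a simplified stand-in for /etc/fscrypt.conf (shape assumed for this example).
type Config struct {
	PolicyVersion string `json:"policy_version"`
}

// kernelSupportsV2 reports whether a release string such as "5.4.0-26-generic"
// (uname -r) is 5.4 or later, the kernel prerequisite for v2 policies.
func kernelSupportsV2(release string) (bool, error) {
	var major, minor int
	if n, _ := fmt.Sscanf(release, "%d.%d", &major, &minor); n < 2 {
		return false, fmt.Errorf("unparseable kernel release %q", release)
	}
	return major > 5 || (major == 5 && minor >= 4), nil
}

// ResolvePolicyVersion maps the configured value to the version to use: "auto"
// follows the running kernel, so a config written on 5.4+ still works after a
// boot into an older kernel, while an explicit "2" on pre-5.4 is an error.
func ResolvePolicyVersion(confJSON, kernelRelease string) (int, error) {
	var c Config
	if err := json.Unmarshal([]byte(confJSON), &c); err != nil {
		return 0, err
	}
	v2ok, err := kernelSupportsV2(kernelRelease)
	if err != nil {
		return 0, err
	}
	switch c.PolicyVersion {
	case "auto":
		if v2ok {
			return 2, nil
		}
		return 1, nil
	case "2":
		if !v2ok {
			return 0, fmt.Errorf("policy_version 2 needs kernel 5.4+, running %s", kernelRelease)
		}
		return 2, nil
	case "1", "": // unset treated as v1 (assumed, matching the pre-v2 default)
		return 1, nil
	}
	return 0, fmt.Errorf("unknown policy_version %q", c.PolicyVersion)
}
```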
