Initial encryption support

[majst01]

closes #31

Adds encryption with aes from golang stdlib, only enabled if encryption key is given. Actually all 3 backup providers supported.

TODO: tests

[mwennrich]

Why not placing encryption generic in backup.go after compression, before uploading?

[majst01]

good point, wait a second

[majst01]

unsure if we should use a cli which is available on linux instead of our homegrown implementation. At least we should implement a possibility into this application to decrypt downloaded backups locally, for debugging and testing purpose.

WDYT ?

[mwennrich]

Maybe a "no database" mode, where the files get downloaded, decrypted, and decompressed?

[majst01]

Yes, added a --download-only flag to the restore command.

[majst01]

Another option would be to implement support for SSE-C, or SSE-S3 as described https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

Ceph RGW does support this as well: https://docs.ceph.com/en/latest/radosgw/encryption/#customer-provided-keys

[majst01]

implemented with #97