Add opaque key encryption and opaque key decryption

[garrickb]

Following the existing OpaqueSigner and OpaqueVerifier, I have added an OpaqueKeyEncrypter and OpaqueKeyDecrypter. This adds the ability to provide an opaque encrypter and decrypter. The motivation behind this is to support using a KMS to encrypt/decrypt CEKs.

Related issue: #256

[CLAassistant]

All committers have signed the CLA.

[garrickb]

@csstaub any idea why GolangCI can't analyze?

[csstaub]

Not sure, but I will take a look. This looks like a good v2 addition btw before I refactor this whole code for v3 to make this type of thing easier.

[garrickb]

Not sure, but I will take a look. This looks like a good v2 addition btw before I refactor this whole code for v3 to make this type of thing easier.

Is there any additional work for me to get this change in v2? Do I need to create a PR on the v2 branch?

[csstaub]

I can merge it into the v2 branch and tag it, just haven't gotten around to looking at this in detail yet.

[garrickb]

Do you know when you'd be able to take a look over this, @csstaub ?

[csstaub]

I'll work on it this weekend

[csstaub]

LGTM, thank you @garrickb. I rebased onto v2 branch in #261. Note for v3 I want to eventually land #248, which should allow for something similar by getting rid of reflection and exposing an interface for decryption/encryption keys.