Try encrypting KMS key without encryption context first

[nhinsch]

What does this PR do?

When the API key is encrypted using the AWS console, the function name is added as an encryption context. When the API key is encrypted using the AWS CLI, no encryption context is added. We need to try decrypting the API key both with and without the encryption context, because decrypting using the incorrect encryption context will cause decryption to fail.

Previously, we tried decrypting WITH the encryption context first, then fell back to encrypting WITHOUT the encryption context. This PR reverses the order and tries decrypting WITHOUT the encryption context first, falling back to encrypting WITH the encryption context.

Motivation

We want to encourage customers to encrypt their keys using the AWS CLI, without the encryption context. That way, a single encrypted key can be re-used for multiple functions. This is necessary in order to use our deployment tools (e.g. Serverless Framework plugin).

Testing Guidelines

We have unit test coverage of this functionality.

Types of changes

• [ ] Bug fix
• [ ] New feature
• [ ] Breaking change
• [x] Misc (docs, refactoring, dependency upgrade, etc.)

Checklist

• [x] This PR's description is comprehensive
• [ ] This PR contains breaking changes that are documented in the description
• [ ] This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
• [ ] This PR impacts documentation, and it has been updated (or a ticket has been logged)
• [x] This PR's changes are covered by the automated tests
• [ ] This PR collects user input/sensitive content into Datadog

[codecov-commenter]

Codecov Report

Merging #83 (211b6cc) into main (a0a402d) will increase coverage by 0.44%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main      #83      +/-   ##
==========================================
+ Coverage   82.45%   82.89%   +0.44%     
==========================================
  Files          12       12              
  Lines         644      725      +81     
==========================================
+ Hits          531      601      +70     
- Misses         89      100      +11     
  Partials       24       24              

Impacted Files	Coverage Δ
internal/metrics/kms_decrypter.go	76.00% <100.00%> (-1.28%)	:arrow_down:
ddlambda.go	78.04% <0.00%> (-2.24%)	:arrow_down:
internal/trace/listener.go	59.32% <0.00%> (-1.79%)	:arrow_down:
internal/metrics/time.go	66.66% <0.00%> (ø)
internal/metrics/batcher.go	100.00% <0.00%> (ø)
internal/metrics/context.go	100.00% <0.00%> (ø)
internal/wrapper/wrap_handler.go	100.00% <0.00%> (ø)
internal/metrics/processor.go	97.70% <0.00%> (+0.26%)	:arrow_up:
internal/metrics/listener.go	75.53% <0.00%> (+1.12%)	:arrow_up:
... and 3 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a0a402d...211b6cc. Read the comment docs.