Open JayT106 opened 3 weeks ago
Implement DA client init with an encrypted seed from Google Cloud Storage. The encrypted seed has been encrypted by an HSM key stored in Google KMS.
There are 3 environment variables that need to be set up to enable this feature.
DA_SECRETS_FROM_GCS="true"
DA_SECRETS_GCS_BUCKET_NAME="cronos-zkevm-encrypt-seed--bucket-test"
DA_SECRETS_KMS_DECRYPT_KEY_NAME="projects/zkevm-research/locations/northamerica-northeast2/keyRings/gkms_signer_test/cryptoKeys/avail-signer-seed-op"
Looks good; however, I'm not sure it is relevant in this Cronos version.
Could you open a PR upstream and see if they would like to merge it?
Opened a PR: https://github.com/matter-labs/zksync-era/pull/3315
Note: There is a tool that can generate a random seed, encrypt it with the assigned KMS key, and then upload it to the GCS bucket. https://github.com/JayT106/avail-seed-with-kms/blob/main/src/main.rs
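
One way a node could validate the three variables above before fetching the seed, failing closed when the feature is enabled but misconfigured. This is an added example, not code from the PR or from zksync-era; `SeedSource`, `seed_source`, the strict `true`/`false` parsing and the simplified bucket and key-name character rules are assumptions.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum SeedSource {
    Local, // feature off: seed comes from the node's existing secrets config
    Gcs { bucket: String, kms_key: String },
}

// Simplified bucket-name check (assumption: dotted, domain-style names not used).
fn valid_bucket(name: &str) -> bool {
    let alnum = |c: char| c.is_ascii_lowercase() || c.is_ascii_digit();
    (3..=63).contains(&name.len())
        && name.chars().all(|c| alnum(c) || c == '-' || c == '_')
        && name.starts_with(alnum) && name.ends_with(alnum)
}

// Exactly projects/<p>/locations/<l>/keyRings/<r>/cryptoKeys/<k>, so a key
// version path or a truncated value is refused (ID charset is an assumption).
fn valid_kms_key(name: &str) -> bool {
    let parts: Vec<&str> = name.split('/').collect();
    let labels = ["projects", "locations", "keyRings", "cryptoKeys"];
    parts.len() == 8 && parts.chunks(2).zip(labels).all(|(p, label)| {
        p[0] == label && !p[1].is_empty()
            && p[1].chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
    })
}

fn required<'a>(env: &HashMap<&str, &'a str>, key: &str) -> Result<&'a str, String> {
    env.get(key).copied().filter(|v| !v.is_empty())
        .ok_or_else(|| format!("{key} must be set when DA_SECRETS_FROM_GCS=true"))
}

// Fail closed: once the feature is on, a missing or malformed value is an
// error, never a silent fallback to a locally configured seed.
pub fn seed_source(env: &HashMap<&str, &str>) -> Result<SeedSource, String> {
    match env.get("DA_SECRETS_FROM_GCS").copied() {
        None | Some("false") => return Ok(SeedSource::Local),
        Some("true") => {}
        Some(v) => return Err(format!("DA_SECRETS_FROM_GCS must be true or false, got {v:?}")),
    }
    let bucket = required(env, "DA_SECRETS_GCS_BUCKET_NAME")?;
    let kms_key = required(env, "DA_SECRETS_KMS_DECRYPT_KEY_NAME")?;
    if !valid_bucket(bucket) { return Err(format!("invalid GCS bucket name {bucket:?}")); }
    if !valid_kms_key(kms_key) { return Err(format!("invalid KMS key name {kms_key:?}")); }
    Ok(SeedSource::Gcs { bucket: bucket.into(), kms_key: kms_key.into() })
}

fn main() { // constructed input: feature enabled, bucket variable missing
    println!("{:?}", seed_source(&HashMap::from([("DA_SECRETS_FROM_GCS", "true")])));
}
```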