context: consider deprecating support for legacy PEM encryption as specified in RFC 1423

[thaJeztah]

PR's https://github.com/docker/cli/pull/1501 / https://github.com/docker/cli/pull/1500 added support for TLS config using encryption as specified in RFC 1423, however, that functionality has been deprecated in Go, and causes linting to fail on Go 1.16;

cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
        if x509.IsEncryptedPEMBlock(pemBlock) {
           ^
cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                            ^

From https://go-review.googlesource.com/c/go/+/264159

It's unfortunate that we don't implement PKCS#8 encryption so we can't recommend an alternative but PEM encryption is so broken that it's worth deprecating outright.

We should consider deprecating this functionality (log a warning and/or produce an error)

[thaJeztah]

Relates to https://github.com/docker/cli/pull/3213

[justincormack]

This is being used to decrypt an encrypted private key with a supplied password. This is pretty pointless as the key is sitting next to the password in the filesystem, so encrypting the key (with broken encryption) serves no purpose. I would remove the support for decrypting keys and error requiring the key is in plaintext.