gravitational / planet

Installable Kubernetes delivered in containers
Apache License 2.0

Allow encryption of Kubernetes resources #865

Closed bernardjkim closed 3 years ago

bernardjkim commented 3 years ago

Description

These changes allow Kubernetes resources to be encrypted at rest.

The aws-encryption-provider binary is now built into Planet. A systemd unit file and an encryption-configuration file are also included. The configuration file can be found under /etc/kubernetes/encryption-configuration.yaml.

Planet now takes flags for:

If encryption is enabled, the aws-encryption-provider service is enabled and the kube-apiserver will be configured with the flag --encryption-provider-config=/etc/kubernetes/encryption-configuration.yaml.
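For orientation, a sketch of what a file passed to --encryption-provider-config looks like when it points at a KMS plugin such as aws-encryption-provider. This is an added example, not the file shipped by this PR; the covered resource, provider name, socket path, cache size and timeout are assumptions.

```yaml
# Added example: a kube-apiserver EncryptionConfiguration using a KMS plugin.
# Not taken from the Planet repository; values marked "assumed" are illustrative.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets                      # assumed: the PR text does not list the covered resources
    providers:
      # Order matters. The FIRST provider encrypts every new write;
      # all listed providers are tried in turn when reading.
      - kms:
          name: aws-encryption-provider                    # assumed provider name
          endpoint: unix:///var/run/kmsplugin/socket.sock  # assumed plugin socket path
          cachesize: 1000                                  # assumed DEK cache size
          timeout: 3s                                      # assumed plugin call timeout
      # identity (no encryption) goes LAST so objects written before
      # encryption was enabled can still be read. Listing identity first
      # would leave every new write in plaintext even though a kms entry exists.
      - identity: {}
```

With a configuration of this shape, a newly written Secret read directly from etcd begins with the prefix `k8s:enc:kms:v1:<provider name>:` instead of plaintext. Objects created before the change stay unencrypted until they are rewritten.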

wadells commented 3 years ago

Just some clean up. It looks like master-docker.mk is unused and is the same as planet.mk

Would you split these out into a separate PR please? I'm all for clean up, but it gives a much cleaner history if orthogonal changes are independent.