feat: encryption service integration to support batch encryption and decryption

[ArjunKarthik]

Type of Change

• [ ] Bugfix
• [x] New feature
• [ ] Enhancement
• [ ] Refactoring
• [ ] Dependency updates
• [ ] Documentation
• [ ] CI/CD

Description

Additional Changes

• [ ] This PR modifies the API contract
• [ ] This PR modifies the database schema
• [ ] This PR modifies application configuration/environment variables

Motivation and Context

PCI compliance requires application to follow some standards where encryption and decryption should not happen within the application as snapshot might have DEK and data together. So separate service should be used for encryption and decryption. In application wherever we are calling encrypt and decrypt it will be replaced by API call to encryption service.

How did you test it?

Changes can be verified only through logs. Look for "Fall back to Application Encryption" or "Fall back to Application Decryption" in the logs post deployment after running below tests. If logs are present encryption/decryption failed with encryption service and fall back to the application encryption which has to be investigated.

Test with merchant created before the changes deployed

1. Create Payment
2. Retrieve Payment
3. Create Refund
4. Retrieve Payment Test with merchant created after the changes deployed
5. Create Merchant
6. Create API Key
7. Create MCA
8. Create Payment
9. Retrieve Payment
10. Create Refund
11. Retrieve Payment Requires sanity on all the flows

Checklist

• [x] I formatted the code cargo +nightly fmt --all
• [x] I addressed lints thrown by cargo clippy
• [x] I reviewed the submitted code
• [ ] I added unit tests for my changes where possible