Use the public key from the `x-ms-sgx-ehd` field of the attestation JWT to encrypt the data for the enclave

[longtomjr]

As part of the encryption the application needs to:

• [x] Generate an ephemeral public key
• [ ] Pass any metadata through as associated data (Not sure if tweetnacl supports associated data, so holding off on this for now)
• [x] after encryption, the metadata needs to be presented along with the file for uploading

[PiDelport]

I'm not sure if it's exactly what we need, but there is a JS implementation of nacl.auth here:

• https://github.com/dchest/tweetnacl-auth-js