Add Rust protections for the private keys

[ipetr0v]

Currently our abstractions have to expose the private keys in order to:

• Pass the private keys from the Restricted Kernel to the enclave application
• Use the Instance key to decrypt the Group key that was received via Key Provisioning

For example we have the following functions that expose the private key instance_encryption_key and get_private_key.

We need to implement an abstraction for private keys that:

• Removes the private key from the memory on drop()
• Allows encrypting a private key for Key Provisioning
• Also allows sending the private key via an RPC

Though we also don't want to reimplement Tink.

We also currently have 2 abstractions for the Encryption Private Key: https://github.com/project-oak/oak/blob/28b91c93fe8cfce452b1a9d2177e8ca3adab3b77/oak_crypto/src/encryptor.rs#L35-L37 https://github.com/project-oak/oak/blob/28b91c93fe8cfce452b1a9d2177e8ca3adab3b77/oak_crypto/src/hpke/mod.rs#L47-L50

We need to merge these implementations into one EncryptionKey, and keep it a low level abstraction, since enclave applications don't need to use it.

[ipetr0v]

cc @tiziano88 @conradgrobler

[tiziano88]

Manually zeroing out memory is actually quite hard, because the compiler will probably optimize it away. We should look for some off the shelf solution to that problem, e.g. https://crates.io/crates/zeroize seems to solve that.

[conradgrobler]

Yes, we should replace all instances where we implement Drop and use .fill(0) to try to zero out keys manually with the zeroize crate.

[ipetr0v]

As an addition, we should probably also use OPENSSL_cleanse for our C++ (with Java) code on the client side.