file that fails to decrypt shows up as a gpg file ready to be opened

[sssoleileraaa]

STR

1. Download a file knowing that it'll see a CryptoError (use an invalid gpg key or raise directly in the code)
2. See that it exists in <data dir>/<journalist_designation>/<file_counter>-<journalist_designation>-doc/<file_counter>-<journalist_designation>-doc.gz.gpg
3. Log out and back in

Expected

To see a "Download" link next to file. Perhaps we should provide a "Decrypt" button in the future so the file doesn't have to be re-downloaded.

Actual

The file shows up as <file_counter>-<journalist_designation>-doc.gz.gpg and ready to be opened, printed, and exported. There is no way to re-download or decrypt the file from the client UI.

[sssoleileraaa]

Note: you have to log out and log back in for step 3 due to this issue: #754

[rmol]

Right now File.is_downloaded determines whether we switch from "download" to "export/print", e.g. here and here.

We should only enable export and print once the file is both downloaded and decrypted. But to avoid downloading a (potentially large) file that is actually present and complete, and just failed to decrypt, we'll need to reliably determine that situation. The SecureDrop server delivers the SHA256 hash of the file in the ETag header, so if we start saving that on the File record, we can tell if we can skip the download and retry decryption.

We can add that logic to the download process, avoiding the need for a separate Decrypt button.