[reply refactor] Also encrypt replies to submission key

[redshiftzero]

Description

Replies are currently encrypted only to the source key. This makes reading prior replies impossible from the journalist's side, unless they are diligent and keep a record. These replies should be stored on the SecureDrop server encrypted to both the source key and the submission key.

Epic: #3097

[redshiftzero]

For #3674, we need a lightweight way to indicate whether or not a reply was encrypted to the submission key or just the source key. One sensible approach would be in this ticket to add a column allow_journo_download (or even a better name) to the replies table, that we set to True going forward. This will enable us to gracefully handle #3673.

[emkll]

Good news ! It turns out this functionality has been implemented, at least as far back as 0.3 release:

• develop: https://github.com/freedomofpress/securedrop/blob/develop/securedrop/journalist_app/main.py#L105
• 0.3 https://github.com/freedomofpress/securedrop/blob/0.3/securedrop/journalist.py#L427

It also appears to have integration test coverage:
https://github.com/freedomofpress/securedrop/blob/develop/securedrop/tests/test_integration.py#L282

For the sake of completeness, I can add a small assert in https://github.com/freedomofpress/securedrop/blob/develop/securedrop/tests/test_crypto_util.py#L125 to ensure the JOURNALIST_KEY can decrypt the submission.

@redshiftzero Anything else I should add to close out the ticket?

[redshiftzero]

excellent! since there's integration test coverage of the reply being successfully decrypted by the submission key, we're good to close, thanks @emkll