Support the full extent of the encryption module configurability #3

Closed

robobario opened this issue Jun 20, 2023 · 1 comment
robobario commented Jun 20, 2023

Currently we use a hardcoded test-kms only, that offers up a hardcoded key. Let's support some real KMS implementations 😁

The encryption module is configured by two configuration files loaded with Jackson. We could embed these configuration classes directly into our YAML configuration, or instead reference the two files from the kroxy configuration YAML, loading them exactly as the encmod would. Or support both styles.

For vault integration it would be cool to integration test it with a vault testcontainer. Maybe there's something out there for key-protect testing too.

We currently only support the test-kms; building the others into a fat jar will require combining their META-INF. Or we could remove the KMS implementations from the fat jar and install them separately into the Kroxylicious classpath.

Here's an example of the JSON configuration

embedded YAML style

kroxylicious-config.yaml

```yaml
filters:
  type: TopicEncryption::DecryptFetch
  config:
    kmsDefs:
      - name: cloud
        type: key-protect
        uri: http://sfsffs.ibm.com/abc
        instanceId: shdjkjahkjahd
        credential: <apikey>
    topicPolicies:
      - name: topicA
        kmsName: cloud
        keyReference: topicAKey
```

separate configuration with references

kroxylicious-config.yaml

```yaml
filters:
  type: TopicEncryption::DecryptFetch
  config:
    kmsDefsFile: "/path/to/kmsdefs.json"
    topicPoliciesFile: "/path/to/topicPolicies.json"
```
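One way to support both configuration styles from the issue above at once, as an added example that is not Kroxylicious's or the encryption module's own code: a Jackson-deserialised filter config that accepts either the inline `kmsDefs`/`topicPolicies` lists or the `kmsDefsFile`/`topicPoliciesFile` references, rejects a config that sets both (or neither) for one kind, and loads a referenced file as JSON the way the two definition files are described. The class and record names (`TopicEncryptionConfig`, `KmsDef`, `TopicPolicy`) are assumed; the field names are taken from the YAML in the issue. It assumes `jackson-databind` and `jackson-dataformat-yaml` on the classpath and Java 17 or later for records and text blocks. Because the KMS definition carries a credential, `KmsDef.toString()` masks it so the config can be logged without leaking the API key.

```java
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

/** Hypothetical filter config: each definition kind comes either inline or from a referenced file. */
public final class TopicEncryptionConfig {
    private static final ObjectMapper YAML = new ObjectMapper(new YAMLFactory());
    private static final ObjectMapper JSON = new ObjectMapper();

    /** One KMS definition (field names from the issue's YAML). toString never echoes the credential. */
    public record KmsDef(String name, String type, String uri, String instanceId, String credential) {
        @Override
        public String toString() {
            return "KmsDef[name=" + name + ", type=" + type + ", uri=" + uri
                    + ", instanceId=" + instanceId + ", credential=****]";
        }
    }

    /** One topic-to-KMS/key mapping (field names from the issue's YAML). */
    public record TopicPolicy(String name, String kmsName, String keyReference) {}

    private final List<KmsDef> kmsDefs;
    private final List<TopicPolicy> topicPolicies;

    @JsonCreator
    public TopicEncryptionConfig(@JsonProperty("kmsDefs") List<KmsDef> kmsDefs,
                                 @JsonProperty("kmsDefsFile") String kmsDefsFile,
                                 @JsonProperty("topicPolicies") List<TopicPolicy> topicPolicies,
                                 @JsonProperty("topicPoliciesFile") String topicPoliciesFile) throws IOException {
        this.kmsDefs = resolve("kmsDefs", kmsDefs, kmsDefsFile, KmsDef.class);
        this.topicPolicies = resolve("topicPolicies", topicPolicies, topicPoliciesFile, TopicPolicy.class);
    }

    /** Exactly one of the inline list or the file reference must be present; a referenced file is JSON. */
    private static <T> List<T> resolve(String what, List<T> inline, String file, Class<T> type) throws IOException {
        if ((inline == null) == (file == null)) {
            throw new IllegalArgumentException("exactly one of " + what + " or " + what + "File must be set");
        }
        if (inline != null) {
            return List.copyOf(inline);
        }
        byte[] bytes = Files.readAllBytes(Path.of(file));
        return JSON.readValue(bytes, JSON.getTypeFactory().constructCollectionType(List.class, type));
    }

    public List<KmsDef> kmsDefs() { return kmsDefs; }
    public List<TopicPolicy> topicPolicies() { return topicPolicies; }

    /** Parses the filter's `config:` mapping from YAML. */
    public static TopicEncryptionConfig fromYaml(String yaml) throws IOException {
        return YAML.readValue(yaml, TopicEncryptionConfig.class);
    }

    public static void main(String[] args) throws IOException {
        // Style 1: everything embedded in the YAML (sample values constructed for this example).
        String embedded = """
            kmsDefs:
              - name: cloud
                type: key-protect
                uri: https://kms.example.invalid/abc
                instanceId: example-instance
                credential: example-apikey
            topicPolicies:
              - name: topicA
                kmsName: cloud
                keyReference: topicAKey
            """;
        TopicEncryptionConfig a = fromYaml(embedded);

        // Style 2: the YAML only references the two JSON definition files, written here to a temp dir.
        Path dir = Files.createTempDirectory("encmod");
        Path kmsFile = dir.resolve("kmsdefs.json");
        Path policyFile = dir.resolve("topicPolicies.json");
        Files.writeString(kmsFile, JSON.writeValueAsString(a.kmsDefs()));
        Files.writeString(policyFile, JSON.writeValueAsString(a.topicPolicies()));
        String referenced = "kmsDefsFile: '" + kmsFile + "'\ntopicPoliciesFile: '" + policyFile + "'\n";
        TopicEncryptionConfig b = fromYaml(referenced);

        // Both styles must produce the same effective configuration; the printed KmsDef masks the credential.
        System.out.println("equivalent: "
                + (a.kmsDefs().equals(b.kmsDefs()) && a.topicPolicies().equals(b.topicPolicies())));
        System.out.println(a.kmsDefs());
    }
}
```

Supporting both styles in one constructor keeps the "exactly one source per kind" rule in a single place, so a YAML that mixes `kmsDefs` with `kmsDefsFile` fails at load time rather than silently preferring one; the masked `toString` matters because filter configs are routinely dumped into startup logs.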
robobario (Author) commented:
Implemented with #7
