Commit 4887dd4f authored by Eric Biggers

ANDROID: fscrypt: add support for hardware-wrapped keys

Add support for hardware-wrapped keys to fscrypt.  Hardware-wrapped keys
are inline encryption keys which are only present in kernel memory in
ephemerally-wrapped form, and which can only be unwrapped by dedicated
hardware.  Such keys are protected from certain attacks, such as cold
boot attacks.  For more information, see the "Hardware-wrapped keys"
section of Documentation/block/inline-encryption.rst.

To support hardware-wrapped keys in fscrypt, we allow the fscrypt master
keys to be hardware-wrapped, and we allow encryption policies to be
flagged as needing a hardware-wrapped key.  File contents encryption is
done by passing the wrapped key to the inline encryption hardware via
blk-crypto.  Other fscrypt operations such as filenames encryption
continue to be done by the kernel, using the "software secret" which the
hardware derives.

Note that this feature doesn't require any filesystem-specific changes.
However it does depend on inline encryption support, and thus currently
it is only applicable to ext4 and f2fs, not to ubifs or CephFS.

This is a reworked version of a patch which was temporarily reverted by
https://android-review.googlesource.com/c/kernel/common/+/1867364, and
which originated from
https://android-review.googlesource.com/c/kernel/common/+/1200864.
This is based on a version of this patch that I've proposed upstream
(https://lore.kernel.org/r/20211021181608.54127-4-ebiggers@kernel.org),
but by necessity it preserves the existing UAPI and on-disk format which
Android expects.  I also dropped the changes to the documentation file.

Bug: 160883801
Change-Id: If4bb83f1188a5863184717c04cb8a064dc4ea168
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 2fd53f80)
parent 3d489f62