Updated docs and code for default nil behavior

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

docs/config.md

@@ -207,16 +207,21 @@ version = 2
   [plugins."io.containerd.grpc.v1.cri".image_decryption]
     # key_model defines the name of the key model used for how the cri obtains
     # keys used for decryption of encrypted container images.
-    # Set of available string options: {"node"}
+    # The [decryption document](https://github.com/containerd/cri/blob/master/docs/decryption.md)
+    # contains additional information about the key models available. 
+    #
+    # Set of available string options: {"", "node"}
+    # Omission of this field defaults to the empty string "", which indicates no key model, 
+    # disabling image decryption.
     #
     # In order to use the decryption feature, additional configurations must be made.
     # The [decryption document](https://github.com/containerd/cri/blob/master/docs/decryption.md)
-    # provides information of key models and how to set them up with stream processors and the
-    # containerd imgcrypt decoder.
+    # provides information of how to set up stream processors and the containerd imgcrypt decoder
+    # with the appropriate key models.
     #
-    # Additional information on stream processors and imgcrypt:
+    # Additional information:
     # * Stream processors: https://github.com/containerd/containerd/blob/master/docs/stream_processors.md
-    # * Containerd imgcrypt : https://github.com/containerd/imgcrypt
+    # * Containerd imgcrypt: https://github.com/containerd/imgcrypt
     key_model = "node"
 ```