Merge pull request #46916 from smarterclayton/secretbox
Automatic merge from submit-queue (batch tested with PRs 46979, 47078, 47138, 46916)

Add a secretbox and AES-CBC path for encrypt at rest

Add a secretbox and AES-CBC encrypt at rest provider and alter the config, based on feedback from security review. AES-CBC is more well reviewed and generally fits better with common criteria and FIPS, secretbox is newer and faster than CBC.

```release-note
Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20.
```
@@ -374,6 +374,7 @@ staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory
|
||||
staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory
|
||||
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes
|
||||
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/identity
|
||||
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox
|
||||
staging/src/k8s.io/apiserver/pkg/util/flushwriter
|
||||
staging/src/k8s.io/apiserver/pkg/util/logs
|
||||
staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook
|
||||
|
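Review bot: the hunk header (-374,6 +374,7) shows only one entry added to this package list, while the commit message describes two new providers, secretbox and AES-CBC. The list contains staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox and the encrypt/aes package but no separate CBC path, so please confirm the AES-CBC transformer lives inside encrypt/aes and that no new package was left out of the list. The entries shown are in sorted order (encrypt/aes, encrypt/identity, encrypt/secretbox, then util/flushwriter); keep the new line in that position so later additions do not conflict.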