Support for KMS as a provider and data key generation.

Problem/Motivation

On a few of my client's sites, we store PII in Webform submissions. I'm currently using this module along with Webform Encryption to accomplish that securely. While we're not storing PHI currently, I try to adhere to HIPAA best practices whenever possible. I was doing some research and came across this article (specifically the section on using KMS to encrypt PHI): https://aws.amazon.com/blogs/security/frequently-asked-questions-about-h...

Basically the way this module currently functions isn't HIPAA compliant, because it's using the KMS encrypt/decrypt methods to process the data directly. The way we'd need to use KMS, in order to be HIPAA complaint, would be to create a second key, encrypt/decrypt it with KMS, and then use that local key to handle the encryption/decryption of any PHI data.

Proposed resolution

The patch I've written to solve for this adds two new capabilities to the module:

1. A KMS Data Key type that leverage the GenerateDataKey function to create an AES key.
2. A KMS Key Provider that accepts any key, stores the encrypted local copy, and leverages KMS to handle decrypting the key when needed.

Both of the above features require being pointed to an Encryption profile that uses Amazon KMS to work. With this approach, I can generate a data key, store the encrypted key locally, and leverage another encryption module (like RealAES) to handle the actual processing of the webform information. There's no impact to existing installs of the KMS module, it's purely optional functionality for anyone that needs it.