move the cloak secret into the database

[slingamn]

#481 mentions that the main reason not to store the cloak secret in the database was simple "laziness". We could start storing it in the database (with the caveat that it has to be the same across all networks). Here's how this would work:

1. If an existing cloak secret is defined (either in the config or in an environment variable), store it in the database
2. Otherwise, autogenerate a suitable cloak secret and store it in the database
3. Provide service commands to rotate (and possibly import and export) the secret as necessary

[slingamn]

An advantage of this would be that we could enable cloaking by default...

[slingamn]

Tentatively moving this into the 2.1 milestone since I'm interested in having cloaking be a recommended default for 2.1. Comments and concerns welcome.