Support larger secret resources using layered encryption

[paulhowardarm]

Currently, the key-broker supports small secrets/keys that are wrapped using asymmetric encryption only.

Larger resources could be supported via a layered asymmetric/symmetric encryption scheme, where the client's public key is not used to wrap the secret itself, but is instead used to wrap the symmetric key, which in turn protects the data.

The CoCo Trustee KBS uses this approach.

This would require a new API and interaction pattern, but this could be added without any breaking changes to the existing keys/v1 API.