feat(encryption) [7/N] Read encrypted manifest list

[xanderbailey]

Which issue does this PR close?

• Working towards Support client-side encryption #2034

What changes are included in this PR?

Wires encryption support into the Table type so that encrypted manifest lists can be read. Adds an EncryptionManager accessor on Table and ensures it is supplied wherever manifest lists are loaded from snapshots.

Also threads the EncryptionManager through purge_table / drop_table_data so that dropping an encrypted table can read its manifest lists and clean up referenced files correctly.

A design decision was made whilst reviewing the RFC to keep the EM out of FileIo and pass it around separately which turns out to be much cleaner.

Note that we aren't exposing any sort of configuration for the KMS when building the tables in the catalogs. That will come later. That PR is deliberately coming later to minimise the public surface area whilst this feature is under development.

Are these changes tested?

Yes

[xanderbailey]

public api change here

[xanderbailey]

public api change here.

[xanderbailey]

Wasn't exactly sure if this should live here or if it's a concern of the EM?

[hsiang-c]

Thanks for working on the encryption support @xanderbailey, this is really great.

I think TableMetadata::table_properties has all the information we need to construct either a KeyManagementClient or a EncryptionManager. Do you think we could build them as part of the builder instead of passing KeyManagementClient in the API?

[xanderbailey]

Thanks for taking a look! In Java's case the kms is configured at the catalog level (CatalogProperties.ENCRYPTION_KMS_*) and I think we should do the same, the catalog will take some KmsFactory and construct the KMS for the table? WDYT?