Improve reencryption UX
Fixes #1538
With the first commit, which addresses point 1 in #1538:
- Refactored the `luks_reencrypt` function (superfluous else clause with no unique code)
- Added `clear` to the `luks_reencrypt` function to hide the new secrets as re-encryption starts to avoid having the secrets stuck on the screen in plaintext. Since #1543 fixed the final secrets whiptail window, it's appropriate to remove the secrets from screen for the potentially long re-encryption process so that people aren't stuck trying to cover their screen for an hour or more if they are not physically isolated.
This PR also addresses point 2 in #1538, using the alternative solution suggested there, namely it informs the user that after a passphrase change or re-encryption the checksums need to be updated and the TPM resealed, if applicable, thus giving pointers to an inexperienced user, who may be wondering why the default boot fails after using the separate "change passphrase" or "re-encrypt LUKS container" functions.
Okay so I fixed clear vs. printf as discussed.
The other issue I'm not touching beyond adding a message to the user as per my alternative suggestion in #1538. The reason is that too much would have to be refactored in order not to make UX worse (e.g. by having the user enter the same new passphrase multiple times) and I can't test anything that involves TPM DUK functionality.
@UndeadDevel please update the OP comment to reflect the actual state of the PR. I will test in the following days.
Done.
Need to test but LGTM