Add support for encrypting S/MIME messages

[facutuesca]

I'm opening this PR with an initial implementation of S/MIME encryption, in order to better discuss the API design, the algorithms we want to support, and how we want to approach testing.

The target is a subset of S/MIME v3.2 (RFC5751):

• Content encryption is done using AES-128-CBC
• Key management is done with key transport: the symmetric encryption key used for the message is included and encrypted using the recipients' public keys.
• The other two key management methods (previously-distributed keys and key agreement) are not supported.
• The symmetric encryption key is encrypted using RSA (PKCS1 v1.5). That is, we only support recipients with RSA public keys, and we use PKCS1v15 padding.

I've been checking the output produced against the output of the openssl-cms command, since openssl-smime is now legacy. For example:

# encrypt
openssl cms -encrypt -recip cryptography/vectors/cryptography_vectors/x509/custom/ca/rsa_ca.pem -aes-128-cbc -in message.txt -out out.txt
# decrypt
openssl cms -decrypt -recip cryptography/vectors/cryptography_vectors/x509/custom/ca/rsa_ca.pem -inkey cryptography/vectors/cryptography_vectors/x509/custom/ca/rsa_key.pem -in out.txt

I added some tests for the unencrypted parts of the message, but complete testing would require that we parse and decrypt the messages. We could follow a similar approach as with testing S/MIME signing, where we call OpenSSL directly to parse and check our output during the tests: https://github.com/pyca/cryptography/blob/ed6063552d5c37a9caeddc23b1a70fd02763067a/tests/hazmat/primitives/test_pkcs7.py#L103

cc @alex @reaperhulk @woodruffw

(the issue tracking this feature is https://github.com/pyca/cryptography/issues/5488)