MLA
Consider a --allow-unauthenticated-data flag for repair
For now, mlar repair explicitly tries to get the maximum out of an archive.
To do so, as an encrypted chunk is 4MB + (size of a tag) long, the tag verification is ignored, removing the "authenticated" part of AES-GCM.
For now, this is considered fine as the repair is a recovery / debug command. But to avoid misleading users who use it heavily, the behavior could be changed to:
- by default, check for the tag -- thus limiting repair to a size rounded to the encrypted chunk size;
- add an explicit flag to get the old behavior, with a warning in the CLI that the obtained data "cannot be trusted".
This also requires changes to the EncryptFailSafe layer, in order to support such a configuration.
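The proposed policy, sketched as an added example that is not MLA's code and not part of the original issue: recovered bytes are split into an authenticated part and an unauthenticated part that is only returned on explicit opt-in. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES-GCM tag, chunk bodies are left unencrypted, chunks are 8 bytes instead of 4MB, and `seal`, `repair` and the `allow_unauthenticated_data` parameter are hypothetical names.

```python
import hashlib
import hmac

CHUNK = 8   # demo chunk size; the issue gives 4MB for MLA
TAG = 16    # assumed tag length in bytes


def _tag(key, index, data):
    # Stand-in for the per-chunk AES-GCM tag (assumption: HMAC over index + data).
    msg = index.to_bytes(8, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG]


def seal(key, plaintext):
    """Build a constructed sample stream: each chunk is followed by its tag."""
    out = b""
    for i in range(0, len(plaintext), CHUNK):
        part = plaintext[i:i + CHUNK]
        out += part + _tag(key, i // CHUNK, part)
    return out


def repair(key, stream, allow_unauthenticated_data=False):
    """Return (authenticated, unauthenticated) bytes from a damaged stream."""
    trusted, untrusted = b"", b""
    pos, index = 0, 0
    while pos < len(stream):
        record = stream[pos:pos + CHUNK + TAG]
        split = max(len(record) - TAG, 0)   # a short final chunk still ends with a tag
        data, tag = record[:split], record[split:]
        ok = len(tag) == TAG and hmac.compare_digest(tag, _tag(key, index, data))
        if ok and not untrusted:
            trusted += data
        elif allow_unauthenticated_data:
            # Example's choice: after the first failure everything is untrusted.
            untrusted += record[:CHUNK]
        else:
            break   # default: stop at the last chunk whose tag verified
        pos += CHUNK + TAG
        index += 1
    return trusted, untrusted
```

Keeping the two parts in separate return values lets a CLI write the unauthenticated tail only when the flag is set, alongside the "cannot be trusted" warning.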