Add support for encrypted data bags to knife download

[lxndrp]

knife download should store an unencrypted copy of server-side encrypted data bags, if an encrypted_data_bag_secret is configured as part of ~/.chef/knife.rb. This could be configurable with an additional flag, say --decrypt.

The same feature could be interesting for the opposite case of uploading, although some more consideration would be necessary as to which data bags should be encrypted and which should stay unencrypted.

[jkeiser]

This is a good idea. By default, I don't think we'd want to store unencrypted copies on the filesystem, but I can see an option or config variable for sure. On the other hand, it would be useful if we decrypted in knife show and knife diff by default, since that output is ephemeral.

One issue is going to be checking which data bags are encrypted and which are not. This will be automatically detectable in chef 11, but not so much in earlier versions.