Epic: configured CryptoProvider enhancements/hardening
Background
At present, the server.cryptoProvider in the platform config is used primarily for management of KAS keys. However, the platform engages with other sensitive cryptographic and crypto-adjacent materials (keys of varied types for other services, tokens, TLS certs, HSM information, etc.).
Rather than spreading configuration of varying crypto-related values across the service configs, we should enhance and centralize the cryptoProvider config interface to make it extensible to n number of keys and key types across n number of services, and let each service do its own validation/panic that it has the cryptographic material it requires.
Centralizing sensitive config will make administration of a platform and development on top of it both easier.
Acceptance Criteria
TODO