
remove hard-coded secret key and support using customized key

Open D3Hunter opened this issue 2 years ago • 0 comments

Is your feature request related to a problem?

no

Describe the feature you'd like

  • remove the hard-coded secret key in the source code, as it's taken as compromised and might cause a security issue.
  • support using a customized key to encrypt/decrypt passwords by adding a config option and a CLI flag, secret-key-path, to dm-master to specify a secret key file; the key should be a valid hex-encoded AES-256 key.
  • remove the dependency on secret-key from dmctl; it now calls the dm-master API to do encrypt/decrypt-related work.
  • remove the decrypt sub-command, so that a user without access to the secret-key is not able to see the decrypted password.

This feature breaks backward compatibility:

  • when upgrading from old DM clusters which use encrypted passwords, the master needs to be upgraded with secret-key-path set first, then the workers.
  • when exporting config using config export, the exported password will be encrypted if dm-master is started with a key; otherwise it's plaintext.

We also remove the deprecated --encrypt/--decrypt flags; users can use the encrypt sub-command directly.

Describe alternatives you've considered

No response

Teachability, Documentation, Adoption, Migration Strategy

No response

D3Hunter, Aug 03 '23 08:08
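The key handling the issue asks for (a secret-key-path file holding a hex-encoded AES-256 key, used by dm-master to encrypt and decrypt passwords), as an added illustration that is not tiflow's own code: a hypothetical dm-master-side helper that validates the file content and does the encrypt/decrypt work. AES-GCM with a random nonce is an assumption here; the issue only specifies the key format, not the cipher mode.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
)

// SecretKey holds the AES-256 key that dm-master would load from the secret-key-path file.
type SecretKey struct{ aead cipher.AEAD }

// LoadSecretKey validates the file content: hex-encoded, exactly 32 bytes (64 hex characters).
func LoadSecretKey(hexKey string) (*SecretKey, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("secret key is not valid hex: %w", err)
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 key must be 32 bytes, got %d", len(key))
	}
	block, _ := aes.NewCipher(key)  // cannot fail: key length checked above
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &SecretKey{aead: aead}, nil
}

// Encrypt seals a password with AES-256-GCM under a fresh random nonce and
// returns hex(nonce || ciphertext || tag), the form that would be written into a config.
func (k *SecretKey) Encrypt(password string) (string, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	return hex.EncodeToString(k.aead.Seal(nonce, nonce, []byte(password), nil)), nil
}

// Decrypt reverses Encrypt; a wrong key or a tampered value fails the GCM
// authentication check and returns an error instead of yielding garbage.
func (k *SecretKey) Decrypt(encoded string) (string, error) {
	n := k.aead.NonceSize()
	raw, err := hex.DecodeString(encoded)
	if err != nil || len(raw) < n {
		return "", fmt.Errorf("malformed encrypted password: %v", err)
	}
	plain, err := k.aead.Open(nil, raw[:n], raw[n:], nil)
	return string(plain), err
}
```

Because dmctl no longer holds the key, only a process with read access to the secret-key-path file can call Decrypt, which is the property the issue wants.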