[confidential-extension] Add a mechanism to update `withdraw_withheld_authority_encryption_pubkey`

[samkim-crypto]

With pr #3938, there is no mechanism to update the encryption public key of a confidential extension withdraw withheld authority associated with a mint. It would be great to add a way to rotate this key in the mint.

The difficulty with rotating the withdraw authority encryption key is that there could be (encrypted) withheld amount left in a user's account. If the encryption key is updated in the mint, but some withheld amount in a user's account is encrypted with the old pubkey, then this withheld amount cannot be decrypted and could pollute other withheld amounts that are encrypted under the newly updated public key.

The safest way to rotate the withdraw authority encryption key is to

1. lock confidential transfers at the mint level
2. harvest all the withheld fees (associated with the confidential extension)
3. update the key
4. unlock confidential transfers.

Whether there is an alternate way to rotate the key requires some more thought. If the above approach is the only method, then a new instruction to lock and unlock confidential transfers at the mint level should be added.