Add the ability to read PGP keys from files and hide it in SQL

[andreabravetti]

Using pgp_pub_crypt/decrypt(..., dearmor(KEY)) expose the key in PostgreSQL log, in clear text, and it may be a problem, a security issue I think. It also may enlarge Postgres logs by 1000%.

This patch allow to use a configuration like this:

    PUBLIC_PGP_KEY_ARMORED_FILE = "/var/lib/postgres/public.txt"
    PRIVATE_PGP_KEY_ARMORED_FILE = "/var/lib/postgres/private.txt"

Or:

    PUBLIC_PGP_KEY_DEARMORED_FILE = "/var/lib/postgres/public.bin"
    PRIVATE_PGP_KEY_DEARMORED_FILE = "/var/lib/postgres/private.bin"

Replacing PUBLIC_PGP_KEY and PRIVATE_PGP_KEY.

It translate in SQL like this:

pgp_pub_decrypt("diff_keys_encrypteddiff"."pub_field", pg_read_binary_file('/var/lib/postgres/private.bin')))::TEXT

This patch does nothing, and maintains compatibility, if you use the current configuration.

To enable the patch you need to replace *_PGP_KEY with *_PGP_KEY_ARMORED_FILE or *_PGP_KEY_DEARMORED_FILE, which I prefer since it avoid useless calls to dearmor().

This pull request does not contains the change I made for the tests since it's not complete. I can improve it with other pull requests.

This feature, to be used with an unprivileged user, require this grant:

GRANT EXECUTE ON FUNCTION pg_read_binary_file(text) TO username;

Also, if the keys are placed outside the data_directory (for example if you don't want some backup to copy the key with the database), it require:

GRANT pg_read_server_files TO username;

[andreabravetti]

@maxpeterson what do you think about this?

[andreabravetti]

Just updated the PR for a small syntax error in PGP_PUB_ENCRYPT_SQL_WITH_NULLIF