kms: add support for MinKMS and remove some unused/broken code

[aead]

Description

This commit adds support for MinKMS. Now, there are three KMS implementations in internal/kms: Builtin, MinIO KES and MinIO KMS.

Adding another KMS integration required some cleanup. In particular:

• Various KMS APIs that haven't been and are not used have been removed. A lot of the code was broken anyway.
• Metrics are now monitored by the kms.KMS itself. For basic metrics this is simpler than collecting metrics for external servers. In particular, each KES server returns its own metrics and no cluster-level view.
• The builtin KMS now uses the same en/decryption implemented by MinKMS and KES. It still supports decryption of the previous ciphertext format. It's backwards compatible.
• Data encryption keys now include a master key version since MinKMS supports multiple versions (~4 billion in total and 10000 concurrent) per key name.

Motivation and Context

KMS

How to test this PR?

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Optimization (provides speedup with no functional changes)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• Fixes a regression (If yes, please add commit-id or PR # here)
• Unit tests added/updated
• Internal documentation updated
• Create a documentation update request here

[shtripat]

lgtm

[harshavardhana]

KMS enabled tests seem to crash

[harshavardhana]

are the rest from the mineos branch?

[harshavardhana]

Please rebase this PR with latest master @aead @allanrogerr

[harshavardhana]

@aead once this is merged. Can we simply force merge this to downstream mineos?

Since there are conflicts in cherry picking want to make sure that is perfectly fine.

[aead]

@aead once this is merged. Can we simply force merge this to downstream mineos?
Since there are conflicts in cherry picking want to make sure that is perfectly fine.

I think so, yes @harshavardhana

[harshavardhana]

@aead PTAL regular tests seem to be failing - NOTE these tests run with MINIO_KMS_SECRET_KEY

[harshavardhana]

@allanrogerr or @shtripat can you guys take up task of adding kes service0 for testing test-decom in MinIO

• running kes via the shell script or docker pick your choice
• running minio multiple pools configured with kes, first pool is
  decommed, test sse-s3 and sse-kms both.
• use s3-check-md5 to verify

Currently we have tests for the MINIO_KMS_SECRET_KEY adding kes would help. Thank you let me know.

[aead]

@allanrogerr @shtripat Consider kes server --dev or see https://pkg.go.dev/github.com/minio/kes#Server
You can start a KES server like a Go HTTP server. Both are there to simplify writting tests and make them more reliable.

[shtripat]

Test PR: #19695