ANDROID: dm: Add wrapped key support in dm-default-key

To prevent keys from being compromised if an attacker acquires read
access to kernel memory, some inline encryption hardware supports
protecting the keys in hardware without software having access to or the
ability to set the plaintext keys.  Instead, software only sees "wrapped
keys", which may differ on every boot.  The keys can be initially
generated either by software (in which case they need to be imported to
hardware to be wrapped), or directly by the hardware.

Add support for this type of hardware by allowing keys to be flagged as
hardware-wrapped. When used, dm-default-key will pass the wrapped key
to the inline encryption hardware to encryption metadata. The hardware
will internally unwrap the key and derive the metadata encryption key.

Bug: 147209885

Test: Validate metadata encryption & FBE with wrapped keys.

Change-Id: I8078b116dab9e04d7f3f15f29f11823185ea5d50
Signed-off-by: Barani Muthukumaran <bmuthuku@codeaurora.org>