Add support to generate encrypted images
Solves #156 (closed), #181 (closed), #171 (closed) (partially).
# New values in profiledef.sh
```
airootfs_image_type: ext4+squashfs+luks
                     squashfs+luks
                     erofs+luks
keys_image_type: same values as above
keys_image_tool_options: same as airootfs_image_tool_options
buildmode: keys # when enabled produces the iso/image
                # for the aforementioned dongle
encryption_key: <file>
                auto
```
New `+luks` airootfs image types are added to handle LUKS encrypted rootfs.
One of a key, a plain password or an activation dongle image is returned together with the main ISO if an encrypted image type is selected.
Encryption type is handled by the `encryption_key` variable.
When set to a file, it will use it for encryption.
When set to `auto`, it will encrypt the disk with a newly generated key.
When unset, the user is prompted to insert a plain-text password.
A new `keys` buildmode is added which builds an `<iso_label>_KEYS` ISO which automatically unlocks the system when physically attached to the computer.
A new variable for crypto kernel parameters has been added to bootloaders' configurations.
When encryption is enabled, public package list is (should be? do we want a ) removed from the ISO.
Depends on
- !253 (closed).
- !259 (closed).
- https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/25.
- support on-file rootfs to support patch for `cryptsetup`'s `encrypt` hook.
Currently superseded by
Testing
- Burn archlinux (AUR).
- A `PKGBUILD` that builds this branch has been published as archiso-encryption (AUR) with preconfigured `ebaseline` and `ereleng` replicas in archiso-profiles (AUR).
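
The three-way `encryption_key` selection described above (file, `auto`, unset), sketched as an added example; this is not code from the merge request or from archiso. The function name `resolve_encryption_key`, the `rootfs.key` file name and the 64-byte key size are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not archiso code. Function name, key file name and
# key size are assumptions.

# resolve_encryption_key <encryption_key value> <work dir>
# Prints "<mode> <path>"; mode is one of: keyfile, generated, password.
resolve_encryption_key() {
    local setting work_dir key_path
    setting="$1"
    work_dir="$2"
    case "${setting}" in
        '')
            # Unset: no key file, the builder is asked for a password.
            printf 'password -\n'
            ;;
        auto)
            # Newly generated key. Remove any stale file first so the
            # restrictive umask applies to a freshly created one (mode 600).
            key_path="${work_dir}/rootfs.key"
            ( umask 077 && rm -f "${key_path}" \
                && head -c 64 /dev/urandom > "${key_path}" ) || return 1
            printf 'generated %s\n' "${key_path}"
            ;;
        *)
            # Any other value is a key file path. "auto" is reserved, so a
            # key file with that name has to be given as ./auto.
            if [ ! -f "${setting}" ] || [ ! -r "${setting}" ]; then
                printf 'encryption_key: cannot read %s\n' "${setting}" >&2
                return 1
            fi
            # Refuse an empty key file instead of encrypting with no secret.
            if [ ! -s "${setting}" ]; then
                printf 'encryption_key: %s is empty\n' "${setting}" >&2
                return 1
            fi
            printf 'keyfile %s\n' "${setting}"
            ;;
    esac
}
```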