When we forget a volume, forget per-volume key

Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.

Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378

KeyUtil.cpp

diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index dbc73c1..9885440 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -161,12 +161,13 @@
     return success;
 }
 
-bool retrieveAndInstallKey(bool create_if_absent, const std::string& key_path,
-                           const std::string& tmp_path, std::string* key_ref) {
+bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+                           const std::string& key_path, const std::string& tmp_path,
+                           std::string* key_ref) {
     KeyBuffer key;
     if (pathExists(key_path)) {
         LOG(DEBUG) << "Key exists, using: " << key_path;
-        if (!retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
+        if (!retrieveKey(key_path, key_authentication, &key)) return false;
     } else {
         if (!create_if_absent) {
            LOG(ERROR) << "No key found in " << key_path;
@@ -174,8 +175,7 @@
         }
         LOG(INFO) << "Creating new key in " << key_path;
         if (!randomKey(&key)) return false;
-        if (!storeKeyAtomically(key_path, tmp_path,
-                kEmptyAuthentication, key)) return false;
+        if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
     }
 
     if (!installKey(key, key_ref)) {