cleanup: address golangci 'funcorder' linter problems

The new 'funcorder' linter expects all public functions to be placed
before private functions of a struct. Many private functions needed
moving further down into their files.

Some files had many issues reported. To reduce the churn in those files,
they have been annotated with a `//nolint:funcorder` comment.

Signed-off-by: Niels de Vos <ndevos@ibm.com>

internal/kms/vault.go

@@ -122,6 +122,19 @@ func setConfigString(option *string, config map[string]interface{}, key string)
 	return nil
 }
 
+// Destroy frees allocated resources. For a vaultConnection that means removing
+// the created temporary files.
+func (vc *vaultConnection) Destroy() {
+	if vc.vaultConfig != nil {
+		tmpFile, ok := vc.vaultConfig[api.EnvVaultCACert]
+		if ok {
+			// ignore error on failure to remove tmpfile (gosec complains)
+			//nolint:forcetypeassert,errcheck // ignore error on failure to remove tmpfile
+			_ = os.Remove(tmpFile.(string))
+		}
+	}
+}
+
 // initConnection sets VAULT_* environment variables in the vc.vaultConfig map,
 // these settings will be used when connecting to the Vault service with
 // vc.connectVault().
@@ -298,19 +311,6 @@ func (vc *vaultConnection) connectVault() error {
 	return nil
 }
 
-// Destroy frees allocated resources. For a vaultConnection that means removing
-// the created temporary files.
-func (vc *vaultConnection) Destroy() {
-	if vc.vaultConfig != nil {
-		tmpFile, ok := vc.vaultConfig[api.EnvVaultCACert]
-		if ok {
-			// ignore error on failure to remove tmpfile (gosec complains)
-			//nolint:forcetypeassert,errcheck // ignore error on failure to remove tmpfile
-			_ = os.Remove(tmpFile.(string))
-		}
-	}
-}
-
 // getDeleteKeyContext creates a new KeyContext that has an optional value set
 // to destroy the contents of secrets. This is configurable with the
 // `vaultDestroyKeys` configuration parameter.