util: add vaultDestroyKeys option to destroy Vault kv-v2 secrets

Hashicorp Vault does not completely remove the secrets in a kv-v2
backend when the keys are deleted. The metadata of the keys will be
kept, and it is possible to recover the contents of the keys afterwards.

With the new `vaultDestroyKeys` configuration parameter, this behaviour
can now be selected. By default the parameter will be set to `true`,
indicating that the keys and contents should be completely destroyed.
Setting it to any other value will make it possible to recover the
deleted keys.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
Niels de Vos
2021-08-02 11:35:26 +02:00
committed by mergify[bot]
parent d7bcb42481
commit f584db41e6
6 changed files with 82 additions and 3 deletions

@ -29,6 +29,7 @@ data:
"KMS_PROVIDER": "vaulttokens",
"VAULT_ADDR": "http://vault.default.svc.cluster.local:8200",
"VAULT_BACKEND_PATH": "secret",
"VAULT_DESTROY_KEYS": "true",
"VAULT_SKIP_VERIFY": "true"
}
vault-tenant-sa-test: |-
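Review bot: the commit message says any value other than `true` makes deleted keys recoverable, so a typo or case variant in the `"VAULT_DESTROY_KEYS"` value added here (for example `"True"` or `"yes"`) would silently fall back to the recoverable behaviour. Parse the value as a strict boolean when the ConfigMap is loaded and reject anything that is not exactly `"true"` or `"false"`; and since the stated default is already `true`, the example should say that this line is optional.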

@ -10,6 +10,7 @@ data:
"vaultAuthPath": "/v1/auth/kubernetes/login",
"vaultRole": "csi-kubernetes",
"vaultBackend": "kv-v2",
"vaultDestroyKeys": "true",
"vaultPassphraseRoot": "/v1/secret",
"vaultPassphrasePath": "ceph-csi/",
"vaultCAVerify": "false"
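Review bot: two spellings of the same option now exist, `VAULT_DESTROY_KEYS` in the KMS ConfigMap and `vaultDestroyKeys` in the tenant config shown here; make sure the user documentation lists both, states the default (`true`), and explains the consequence of `false` (deleted keys stay recoverable from the kv-v2 metadata, as the commit message describes), since none of the visible hunks adds that text.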
@ -29,7 +30,8 @@ data:
"vaultCAVerify": "true"
},
"an-other-app": {
"tenantTokenName": "storage-encryption-token"
"tenantTokenName": "storage-encryption-token",
"vaultDestroyKeys": "false"
}
}
},
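Review bot: `"vaultDestroyKeys": "false"` for `an-other-app` opts a tenant into the weaker behaviour, where deleted keys remain recoverable according to the commit message; an example that shows the weaker setting should carry a comment explaining when a tenant would want it, otherwise it is likely to be copied as-is. The trailing comma added after `"tenantTokenName": "storage-encryption-token"` also fixes previously invalid JSON in this example; worth a mention in the commit message so that fix is not lost if the feature is reverted.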