Produce and encrypt recovery bundles

swh alter remove should produce backups with what has been removed from the archive. These backups should contain enough information to restore removed data in case of a mistake. Because they might contain sensitive data, they should be encrypted using a public encryption key. (The decryption key will be split between multiple entities.)

• Design a format for the recovery bundles (!2 (merged))
• Implement basic operations (creation, extraction, key management) to handle recovery bundles (!3 (merged))
• Implement backing up objects to recovery bundles from swh alter remove (!3 (merged))