Use Web Crypto API instead of SJCL #1098
Description
The web platform didn't supported encryption when Croodle development started. Therefore it uses the Stanford JavaScript Crypto Library (SJCL) for encryption.
These days all browser support the Web Crypto API. We should use that native API for deriving the key from the passphrase, encrypting the user input and decrypting it. It provides better security, does not require shipping additional code over the wire, and has better performance.
Sadly it's not a drop in replacement. Croodle uses AES in CCM mode today. The Web Crypto API does not support CCM mode. We need switching to AES in GCM mode, which provides the same security (authenticated encryption).
To keep backward compatibility with existing polls, we should introduce a new encryption format and fallback to SJCL in case the poll was created with the old format. We can import SJCL dynamically to avoid shipping it's code over the wire if not needed.
Key derivation is not impacted. We use PBKDF2 today, which is supported by Web Crypto API.