Add NHN Cloud SKM wrapper

[arthas-choi-nhn]

This PR introduces a new wrapper implementation for NHN Cloud Secure Key Manager (SKM), providing integration with NHN Cloud's key management service for encryption and decryption operations.

Key Changes

• Envelope Encryption Implementation: Implements envelope encryption pattern following AWS KMS wrapper design, enabling support for unlimited data sizes by encrypting data with a Data Encryption Key (DEK) and protecting the DEK with NHN Cloud SKM
• Key Rotation Support: Adds atomic key tracking with currentKeyId and version management based on NHN Cloud SKM API responses
• Dual Mechanism Support: Supports both direct encryption (legacy compatibility) and envelope encryption (default for new operations)
• Complete Test Coverage: Includes comprehensive unit tests and acceptance tests with proper credential handling

Implementation Details

• API Integration: Uses NHN Cloud SKM REST API v1.2 for symmetric key operations
• Authentication: Supports NHN Cloud user credentials with optional MAC address filtering
• Error Handling: Comprehensive error handling with descriptive messages for common failure scenarios
• Configuration Flexibility: Multiple configuration methods (environment variables, config map, wrapper options)
• Logging Support: Debug logging for encryption/decryption operations with hex formatting for binary data

Technical Approach

The wrapper follows the established patterns from existing KMS wrappers:

1. Envelope Encryption Flow:
   - Generate 32-byte AES-256 DEK for each operation
   - Encrypt actual data using AES-GCM with the DEK
   - Encrypt DEK using NHN Cloud SKM symmetric key
   - Store both encrypted data and encrypted DEK in BlobInfo
2. Key Version Tracking:
   - Tracks keyVersion from API responses for rotation support
   - Stores versioned key information in format keyId:vN
   - Enables seamless key rotation without data migration
3. Backward Compatibility:
   - Maintains support for direct encryption method
   - Automatic mechanism detection during decryption
   - Smooth migration path for existing encrypted data

Testing

• Unit Tests: Complete test coverage for all wrapper functionality
• Acceptance Tests: Integration tests requiring valid NHN Cloud SKM credentials
• Error Scenarios: Tests for configuration validation and API error handling
• Large Data Support: Validates envelope encryption for data larger than SKM's 32KB limit

Configuration

The wrapper supports standard go-kms-wrapping configuration patterns:

wrapper := nhncloudskm.NewWrapper()
_, err := wrapper.SetConfig(ctx, wrapping.WithConfigMap(map[string]string{
"app_key": "your-app-key",
"key_id": "your-key-id",
"user_access_key_id": "your-access-key-id",
"user_secret_access_key": "your-secret-access-key",
}))

This implementation enables OpenBao users to leverage NHN Cloud SKM for auto-unseal functionality and secure key management operations.

[cipherboy]

@arthas-choi-nhn Apologies about the delay in review! I've added a few comments inline, but looking fairly good.

The new full KMS APIs are available in #46 now, you should see them at kms/ if you pull the latest main.