Image and flavor defined ephemeral storage encryption

Gerrit topic: https://review.opendev.org/#/q/topic:spec/ephemeral-storage-encryption

Addressed by: https://review.opendev.org/752284
    WIP - Image and flavor defined ephemeral storage encryption

[20210122 gibi]: spec merged so the bp is approved to Wallaby

[20210602 gibi]: spec merged so the bp is approved to Xena

impl https://review.opendev.org/q/message:ephemeral-storage-encryption+status:open

[2021-09-07 gibi]: We hit feature freeze so it is now deferred from Xena.

[20211117 bauzas] Spec was reproposed and then approved.

[20220225 bauzas] Implementation hit by FeatureFreeze, please repropose the blueprint/spec for the Zed release.

Implementation patches are actually in https://blueprints.launchpad.net/nova/+spec/ephemeral-encryption-libvirt

[20220614 bauzas] Spec was approved for the Zed cycle https://review.opendev.org/c/openstack/nova-specs/+/835877

[20221115 bauzas] Spec got approved for Antelope https://review.opendev.org/c/openstack/nova-specs/+/864138

Gerrit topic: https://review.opendev.org/#/q/topic:specs/yoga/approved/ephemeral-encryption-libvirt

Addressed by: https://review.opendev.org/c/openstack/nova/+/826756
    imagebackend: Cache the key manager when disk is encrypted

Addressed by: https://review.opendev.org/c/openstack/nova/+/870931
    libvirt: Configure and teardown ephemeral encryption secrets

Addressed by: https://review.opendev.org/c/openstack/nova/+/870933
    Support resize with ephemeral encryption

Addressed by: https://review.opendev.org/c/openstack/nova/+/870934
    Add encryption support to convert_image

Addressed by: https://review.opendev.org/c/openstack/nova/+/870936
    Add encryption support to qemu-img rebase

Addressed by: https://review.opendev.org/c/openstack/nova/+/870937
    Support snapshot with ephemeral encryption

Addressed by: https://review.opendev.org/c/openstack/nova/+/870938
    Add reset_encryption_fields() and save_all() to BlockDeviceMappingList

Addressed by: https://review.opendev.org/c/openstack/nova/+/870939
    Update driver BDMs with ephemeral encryption image properties

Addressed by: https://review.opendev.org/c/openstack/nova/+/826754
    libvirt: Configure and teardown ephemeral encryption secrets

[20230307 bauzas] Deferred as implementation not merged in 2023.1

[20230707 bauzas] Spec approved for Bobcat https://review.opendev.org/c/openstack/nova-specs/+/887011/

[20230905 bauzas] Deferred as implementation not merged in 2023.2

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/897502
    Re-propose spec for ephemeral storage encryption

[20231114 bauzas] Spec got approved again for Caracal

Addressed by: https://review.opendev.org/c/openstack/nova/+/870935
    Add hw_ephemeral_encryption_secret_uuid image property

Addressed by: https://review.opendev.org/c/openstack/nova/+/904240
    Reject resize API requests with conflicting ephemeral encryption

Addressed by: https://review.opendev.org/c/openstack/nova/+/907960
    Add backing_encryption_secret_uuid to BlockDeviceMapping

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/907654
    Update ephemeral encryption specs to reflect implementation

Addressed by: https://review.opendev.org/c/openstack/nova/+/909945
    Report ephemeral disk encryption in the metadata API

Addressed by: https://review.opendev.org/c/openstack/nova/+/910034
    Documentation for ephemeral encryption

Addressed by: https://review.opendev.org/c/openstack/nova/+/912094
    Consolidate vTPM and ephemeral encryption secret creation