confidential-containers / guest-components

Confidential Containers Guest Tools and Components
Apache License 2.0

CDH | storage: consider implementing luks-encrypt-storage in Rust #670

Open wainersm opened 1 month ago

wainersm commented 1 month ago

Currently, CDH's secure mount with block device relies on luks-encrypt-storage to initialize and mount the block device within the guest. The script should be located inside the guest, in /usr/local/bin/luks-encrypt-storage (see here).

Two problems arise from that design:

  1. Being a shell script, the guest image must have a shell (bash actually) installed. For those trying to reduce the image size and minimize attack surface, having to ship bash may be unwanted.
  2. The shell script should be bundled inside the guest, which increases the complexity of building the guest image, as a compatible version of the script should be maintained by the consumer project (e.g. kata) or pulled from this repository (to avoid a derived problem, which is the mismatch of versions).

The problem 1) can be solved by converting the script to a program but it still leaves 2) unsolved (and perhaps worsened, now you would need to build the program). Another approach that solves 1) and 2) is to re-implement the script in Rust within the CDH storage's block device luks module.

But users might still want to provide their own script/program. So a resolve algorithm could be implemented like: