Make StrictAwsKmsMasterKeyProvider documentation clearer

[acioc]

Per #310 , our documentation implies that StrictAwsKmsMasterKeyProvider can encrypt and decrypt with alias ARNs. We should update this to make it clearer that you can only encrypt with alias ARNs. Decryption will not succeed since the alias ARN will not match the actual key ARN.

[xoob]

This issue just bit me while following the Python SDK Example where I intuitively used an alias ARN. I was able to encrypt but not decrypt, getting DecryptKeyError: Unable to decrypt any data key.