Consider using the "masked" code for encrypted resource parts

[chgl]

Currently, when a value is encrypted, the custom encrypted flag is set as a security label: https://github.com/microsoft/FHIR-Tools-for-Anonymization/blob/6a9b8614c319afb5f85959c02f86b2304ec4618c/src/Microsoft.Health.Fhir.Anonymizer.Shared.Core/Models/SecurityLabels.cs#L28-L32. I think using the masked code here would be more appropriate, see https://terminology.hl7.org/2.0.0/CodeSystem-v3-ObservationValue.html:

Usage Note: "MASKED" may be used, per applicable policy, as a flag to indicate to a user or receiver that some portion of an IT resource has been further encrypted, and may be accessed only by an authorized user or receiver to which a decryption key is provided.

Which seems fitting.