[RFE] integration with a KMS API

[romdalf]

User story:
As a platform engineer, I want to leverage our internal KMS (Key Management Service) API to host the encryption envelop token, so that my security governance is respected.

Acceptance criteria:
Given the security choice of using a KMS (not deployed on the same kubernetes cluster), when I want to use Trousseau to interface to the Kubernetes secret plugin provider framework, then I want the KMS to be used to host the encryption envelop token being recorded and retrieved by Trousseau.