square/keywhiz

Support secure secret export / import

mcpherrinm opened this issue · 0 comments

If you run multiple Keywhiz servers, it would be convenient to have a way (API + CLI) to export the encrypted secret for import into another server.

This is easy if both are using the same derivation key for their ciphertext: just produce a JSON blob that's approximately what's in the database.

We could support re-encrypting to a new symmetric key as well, or use public/private key crypto to transmit without a shared secret.