Ext4 encryption

This meets requirements for Chromium OS and Android while keeping the total inode size within 256 bytes. So we don't need to spill over the default amount allocated for an inode, and we get a performance boost from being able to use what's already being read in.

Based on the prevalent usage patterns I've been seeing for eCryptfs, which lets you specify one policy per mount point, this per-top-level-directory approach to policy will work fine. My initial prototype let you specify file-granular policies with fancy things like synthesizing multiple keys, but it took too much xattr space and didn't seem to address any compelling requirements.