release-23.1: cli: fix debug pebble commands on encrypted stores

[RaduBerinde]

Backport 1/1 commits from #110150.

/cc @cockroachdb/release

Release justification: improves usability of tool used for customer support.

---

Currently the debug pebble commands only work correctly on an
encrypted store if the encrypted store's path is cockroach-data or
the store directory is passed using --store (in addition to being
passed to the pebble subcommand itself). What's worse, knowledge of
this subtle fact was lost among team members.

The root cause is that we are trying to resolve encryption options
using the server config. The difficulty is that there are a bunch of
different commands and there is no unified way to obtain the store
directory of interest

To fix this, we create autoDecryptFS. This is a vfs.FS
implementation which is able to automatically detect encrypted paths
and use the correct unencrypted FS. It does this by having a list of
known encrypted stores (the ones in the --enterprise-encryption
flag), and looking for any of these paths as ancestors of any path in
an operation. This new implementation replaces swappableFS and
absoluteFS.

We also improve the error message when we try to open an encrypted
store without setting up the key correctly.

Fixes: #110121

Release note (bug fix): cockroach debug pebble commands now work
correctly with encrypted stores which don't use the default
cockroach-data path without having to also pass --store.

[blathers-crl]

Thanks for opening a backport.

Please check the backport criteria before merging:

• Patches should only be created for serious issues or test-only changes.
• Patches should not break backwards-compatibility.
• Patches should change as little code as possible.
• Patches should not change on-disk formats or node communication protocols.
• Patches should not add new functionality.
• Patches must not add, edit, or otherwise modify cluster versions; or add version gates.

If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.

• There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
• The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
• New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
• The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

• What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
• Will this work in a cluster of mixed patch versions? Did we test that?
• If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

[cockroach-teamcity]

This change is 

[RaduBerinde]

Oops, the merge wasn't right, I'll fix.

[RaduBerinde]

Fixed.

[RaduBerinde]

Friendly ping.

[jbowens]

Reviewed 8 of 8 files at r1, all commit messages.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @RaduBerinde)