Feature: Add KMS data key decryption

[dgreene-r7]

This PR adds decryption support for secrets encrypted against data keys generated via KMS. generateDataKey(). The initial implementation requires all secrets to be encrypted via the aes-256-cbc cipher.

[coveralls]

Coverage increased (+0.2%) to 92.944% when pulling 5323d64 on feature-add-kms-datakey-decryption into f397c25 on master.

[fmitchell-r7]

Why did the key name change from PlainText to Plaintext?

[dgreene-r7]

Turns out I mucked it up in the original tests. The property returned from KMS.decrypt() is actually Plaintext.

[fmitchell-r7]

👍 Thanks for getting this working!