Previously, empty master keys were passed to the underlying
cryptographic primitives (HKDF, AEAD, etc.).
While this worked because the authentication mechanisms returned an
error, it's best to avoid passing empty master keys to these primitives
in the first place. This refactor avoids passing empty master keys and
enforces this via an assertion in the key derivation function.
* implemented format blob cache abstraction
* moved upgrade lock logic to repo/format
* moved set parameters logic to repo/format
* moved change password functionality to repo/format
* mechanical changes
* mechanical changes to react to format manager interface
* get current repository format bytes instead of static
* implemented format.Manager which dynamically fetches and caches latest format blob
* repo changes to use format.Manager
* fixed failing unit test due to different timings
* reduced lock contention by using RWMutex
* serve immutable parts of format without any locks
* increase test timeout
* fixed handling of negative validDuration
The new rules are:
- validDuration < 0 - ignore initial cached file, refresh every 15min
- validDuration > 15min - refresh every 15 minutes
- validDuration > 0 && validDuration <= 15min - refresh using provided
interval (mostly used for testing)
