New patch.
Per some feedback, I have renamed this feature. People didn't like the
"transparent", for various reasons. The new name I came up with is
"automatic client-side column-level encryption". This also matches the
terminology used in other products better. (Maybe the acronym ACSCLE --
pronounced "a chuckle" -- will catch on.) I'm also using various
subsets of that name when the context is clear.
Other changes since v15:
- CEKs and CMKs now have USAGE privileges. (There are some TODO markers
where I got too bored with boilerplate. I will fill those in, but the
idea should be clear.)
- Renamed attrealtypid to attusertypid. (It wasn't really "real".)
- Added corresponding attusertypmod.
- Removed attencalg, it's now stored in atttypmod.
(The last three together make the whole attribute storage work more
sensibly and smoothly.)
- Various documentation changes (review by Mark Dilger)
- Added more explicit documentation that this feature is not to protect
against an "evil DBA".