Protect against swapping values in key-value storage

[blochberger]

The key-value storage provider could exchange values. Integrity of single values is protected by authenticated encryption, but values can still be decrypted if assigned to another key of the same user. If the provider has access to the users reactions, swapped values can be linked.

Fix this by adding the key to the value before encrypting it. Integrity violation can be detected if the key used for retrieving the value does not match with the retrieved key stored alongside the value.