Encrypt the keys file by default #8

@johnbillion

The private keys file (did:plc:....json) should be encrypted by default using a user-provided passphrase. It should be possible to opt-out of encryption but it should be on by default.

Need to research the best approach for key encryption, in particular best practices for TLS keys, code signing keys, SSH keys, crypto wallets, GPG keys, passkeys. Doesn't appear to be much prior art in the DID/ATProto space but I might be wrong.

Whatever approach is chosen needs to have a mature node implementation. We might end up going with age but let's not jump to a solution just yet.
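
One possible shape for a passphrase-encrypted keys file using only Node's built-in `crypto` module (scrypt for key derivation, AES-256-GCM for encryption), as an added example that is not part of the issue or the project's code. The envelope field names, cost parameters and sample key material are assumptions, and the issue itself leaves the choice of approach open.

```javascript
// Added illustration, not the project's code; envelope field names are hypothetical.
const crypto = require('node:crypto');

// scrypt cost parameters: assumed values for illustration, tune for target hardware.
const KDF = { N: 2 ** 15, r: 8, p: 1 };

function deriveKey(passphrase, salt, { N, r, p }) {
  // Bound parameters read from the file before spending memory on them.
  if (N > 2 ** 18 || r > 8 || p > 4) throw new Error('KDF parameters out of range');
  // maxmem must exceed roughly 128 * N * r bytes or scryptSync throws.
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, { N, r, p, maxmem: 256 * N * r });
}

function encryptKeys(keysJson, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  // The header is authenticated (AAD), so edited KDF parameters fail decryption.
  const header = JSON.stringify({ v: 1, kdf: 'scrypt', ...KDF, cipher: 'aes-256-gcm' });
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt, KDF), nonce);
  cipher.setAAD(Buffer.from(header));
  const ct = Buffer.concat([cipher.update(keysJson, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return JSON.stringify({
    header, salt: b64(salt), nonce: b64(nonce), tag: b64(cipher.getAuthTag()), ciphertext: b64(ct),
  });
}

function decryptKeys(envelopeJson, passphrase) {
  const env = JSON.parse(envelopeJson);
  const h = JSON.parse(env.header);
  if (h.v !== 1 || h.kdf !== 'scrypt' || h.cipher !== 'aes-256-gcm') {
    throw new Error('unsupported envelope');
  }
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, raw(env.salt), h);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(env.nonce), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(env.header));
  decipher.setAuthTag(raw(env.tag));
  // final() throws when the passphrase is wrong or any field was modified.
  return Buffer.concat([decipher.update(raw(env.ciphertext)), decipher.final()]).toString('utf8');
}

// Constructed sample input; not the project's real key file layout.
const SAMPLE_KEYS = JSON.stringify({ did: 'did:plc:example', key: 'constructed-not-a-real-key' });
const SAMPLE_ENVELOPE = encryptKeys(SAMPLE_KEYS, 'constructed passphrase');
console.log(decryptKeys(SAMPLE_ENVELOPE, 'constructed passphrase') === SAMPLE_KEYS);
```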

Labels: enhancement (New feature or request)
