Currently, the dstack server stores all data in plaintext, including backend credentials. All sensitive data should be stored encrypted to mitigate the risks of a leaked database. To support this for different databases, the dstack server should implement encryption for specific sensitive columns, which would include user tokens and backend creds, and secret values once secrets are supported (#708). The proposed encryption scheme is to let the user specify a secret value via env that is used to derive an encryption key (via PBKDF2) for AES-256 symmetric encryption.
Implementation details:
Migration to encrypted values should be done on server init (the secret key may not be available when running db migrations). The server should get a persistent global state to store whether encryption was enabled and also to store the salt used to derive the key from the secret.
Handle the lost secret case. There should be a way to make the server work again by creating a new admin user, reconfiguring backends, etc.
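An added example, not code from the issue or from dstack, showing the proposed flow at server init: derive the key with PBKDF2, migrate plaintext rows, persist the salt, and detect a wrong or lost secret on later starts. It assumes AES-256 in GCM mode (the issue does not name a mode), 600,000 PBKDF2 iterations, SQLite, the third-party `cryptography` package, hypothetical `users` and `server_state` tables, and a stored check value that is this example's own way of recognising a mismatched secret.

```python
import base64, hashlib, os, sqlite3
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

ITERATIONS = 600_000  # assumed PBKDF2 work factor; the issue does not name one

def derive_key(secret: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a 32-byte output gives an AES-256 key.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=32)

def encrypt(key: bytes, value: str, column: str) -> str:
    # Fresh 96-bit nonce per value; the column name is bound as associated
    # data so a ciphertext cannot be moved to another column undetected.
    nonce = os.urandom(12)
    sealed = AESGCM(key).encrypt(nonce, value.encode(), column.encode())
    return base64.b64encode(nonce + sealed).decode()

def decrypt(key: bytes, stored: str, column: str) -> str:
    raw = base64.b64decode(stored)
    return AESGCM(key).decrypt(raw[:12], raw[12:], column.encode()).decode()

def init_encryption(db: sqlite3.Connection, secret: str) -> bytes:
    # Runs at server init, after schema migrations. First run: create salt,
    # encrypt existing plaintext rows, record state. Later runs: verify secret.
    db.execute("CREATE TABLE IF NOT EXISTS server_state (name TEXT PRIMARY KEY, value TEXT)")
    state = dict(db.execute("SELECT name, value FROM server_state"))
    if "salt" in state:
        key = derive_key(secret, base64.b64decode(state["salt"]))
        try:
            decrypt(key, state["check"], "server_state.check")
        except InvalidTag:
            raise RuntimeError("secret does not match this database") from None
        return key
    salt = os.urandom(16)
    key = derive_key(secret, salt)
    for row_id, token in db.execute("SELECT id, token FROM users").fetchall():
        db.execute("UPDATE users SET token = ? WHERE id = ?",
                   (encrypt(key, token, "users.token"), row_id))
    db.executemany("INSERT INTO server_state VALUES (?, ?)", [
        ("salt", base64.b64encode(salt).decode()),
        ("check", encrypt(key, "ok", "server_state.check"))])
    db.commit()  # migrated rows and state land in one transaction
    return key

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # constructed sample data
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, token TEXT)")
    db.execute("INSERT INTO users (token) VALUES ('constructed-sample-token')")
    key = init_encryption(db, "constructed-secret")
    print(db.execute("SELECT token FROM users").fetchone()[0])
```

The `RuntimeError` branch is where a lost-secret recovery path would hook in: the encrypted columns are unrecoverable at that point, so recovery means clearing them and the stored state, then re-entering credentials.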