I've been spending a lot of time recently interacting with the keychain, and I realized the keychain would be a great spot to store the key instead of directly on disk. I believe we can use https://github.com/square/Valet to simplify this process, as the keychain API is a sleeping dragon for newcomers. Once we migrate the checkin code to Swift, it will be extremely easy to keep the ACLs for the key organized.
We can also keep a Managed Preference list of paths that should have access to the key. Unsure if authorized restarts in munki are still used, but it would be easy to grant munki access to it.