Re: Transparent column encryption - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Transparent column encryption
Date
Msg-id edb5eb1f-5818-5521-537d-20cf7f470742@enterprisedb.com
In response to Re: Transparent column encryption  (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses Re: Transparent column encryption
List pgsql-hackers
Here is an updated patch.

I mainly spent time on adding a full set of DDL commands for the keys. 
This made the patch very bulky now, but there is not really anything 
surprising in there.  It probably needs another check of permission 
handling etc., but it's got everything there to try it out.  Along with 
the DDL commands, the pg_dump side is now fully implemented.

Secondly, I isolated the protocol changes into a protocol extension with 
the name _pq_.column_encryption.  So by default there are no protocol 
changes and this feature is disabled.  AFAICT, we haven't actually ever 
used the _pq_ protocol extension mechanism, so it would be good to 
review whether this was done here in the intended way.

At this point, the patch is sort of feature complete, meaning it has all 
the concepts, commands, and interfaces that I had in mind.  I have a 
long list of things to recheck and tighten up, based on earlier feedback 
and some things I found along the way.  But I don't currently plan any 
more major architectural or design changes, pending feedback.  (Also, 
the patch is now very big, so anything additional might be better for a 
future separate patch.)
Attachment
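
Added example (not part of the original message or of the patch): how a client requests a _pq_. protocol extension in the v3 StartupMessage, and how a server that does not know it reports that in NegotiateProtocolVersion, so the feature stays off. The parameter value "1", the user name, and all function names are assumptions made for illustration; server_reply() is a small model of the documented protocol behaviour, not PostgreSQL code.

```python
import struct

PROTO_3_0 = 3 << 16              # protocol version 3.0 as sent in StartupMessage
EXT = "_pq_.column_encryption"   # extension name given in the message above

def build_startup(params):
    """StartupMessage: Int32 length, Int32 version, name\\0value\\0 pairs, final \\0."""
    body = struct.pack("!I", PROTO_3_0)
    for name, value in params.items():
        body += name.encode() + b"\0" + value.encode() + b"\0"
    body += b"\0"
    return struct.pack("!I", len(body) + 4) + body

def parse_startup(packet):
    length, version = struct.unpack_from("!II", packet)
    if length != len(packet) or version != PROTO_3_0 or packet[-1:] != b"\0":
        raise ValueError("malformed StartupMessage")
    fields = packet[8:-1].split(b"\0")[:-1]   # drop the empty tail after last \0
    if len(fields) % 2:
        raise ValueError("parameter name without value")
    return {fields[i].decode(): fields[i + 1].decode()
            for i in range(0, len(fields), 2)}

def server_reply(packet, known_extensions):
    """Model server: list unknown _pq_. options in NegotiateProtocolVersion ('v')."""
    unknown = [name for name in parse_startup(packet)
               if name.startswith("_pq_.") and name not in known_extensions]
    if not unknown:
        return None                              # nothing to negotiate
    body = struct.pack("!II", 0, len(unknown))   # newest minor version, count
    body += b"".join(name.encode() + b"\0" for name in unknown)
    return b"v" + struct.pack("!I", len(body) + 4) + body

def rejected_options(reply):
    """Client side: option names the server said it does not recognize."""
    if reply is None:
        return []
    if reply[:1] != b"v" or struct.unpack_from("!I", reply, 1)[0] != len(reply) - 1:
        raise ValueError("malformed NegotiateProtocolVersion")
    _minor, count = struct.unpack_from("!II", reply, 5)
    names = reply[13:].split(b"\0")[:-1]
    if len(names) != count:
        raise ValueError("option count mismatch")
    return [name.decode() for name in names]

def column_encryption_enabled(params, known_extensions):
    """Use the feature only if it was requested and the server did not reject it."""
    reply = server_reply(build_startup(params), known_extensions)
    return EXT in params and EXT not in rejected_options(reply)
```
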
