Decryption of encrypted ENVs

[stp-ip]

Make it possible to decrypt ENVs. One could provide the container with _env_AWS_CREDENTIAL=$encrypted_credential, which stocker decrypts and submits as AWS_CREDENTIAL=$credential on an exec run. This would enable to use ENVs and secured ENVs for containers. It would make switching environments easy and additionally make it possible to base encrypted data onto ENVs without another backend necessary.