Implement end-to-end app payload encryption.

This implements end-to-end encryption between the end-device and
end-application. The encrypted AppSKey or SessionKeyID is forwarded to
the end-application which should be able to decrypt or request the
AppSKey to decrypt the uplink payload. As well the end-application will
be able to enqueue encrypted application payloads.

Using this mechanism, ChirpStack will never have access to the uplink
and downlink application-payloads.

api/python/proto/chirpstack-api/internal/internal.proto

@@ -31,6 +31,9 @@ message DeviceSession {
   // AppSKey envelope.
   common.KeyEnvelope app_s_key = 8;
 
+  // JS Session Key ID.
+  bytes js_session_key_id = 42;
+
   // Uplink frame-counter.
   uint32 f_cnt_up = 9;