scsicrypto: don't expose kek in job log #2386

Merged
BareosBot merged 3 commits into master from dev/bruno/fix-issue-413-dont-expose-kek-in-logs
Oct 8, 2025

@bruno-at-bareos bruno-at-bareos commented Oct 6, 2025

With this PR, the KEK used in the unwrapping operation is no longer exposed in the job log in case of errors.
If you want to debug the operation, you need to raise the debug level to 1000.

fix bareos/internal/issues/413

During an error the trace will contain

06-Oct-2025 16:29:07.191925 bareos-sd (1000): scsicrypto/scsicrypto-sd.cc:350-6 scsicrypto-sd: Failed to unwrap encryption key using kR%(}uKrD[}^BG|v]zT^v,#M5H@$6hra
06-Oct-2025 16:29:07.191934 bareos-sd (10): scsicrypto/scsicrypto-sd.cc:352-6 ERROR: scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config (ERR=EVP_EncryptUpdate(): error:1C800066:Provider routines::cipher operation failederror:030000BD:digital envelope routines::update error, )
06-Oct-2025 16:29:07.191938 bareos-sd (850): lib/message.cc:618-6 Enter DispatchMessage type=4 msg=bareos-sd: ERROR in scsicrypto/scsicrypto-sd.cc:352 scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config (ERR=EVP_EncryptUpdate(): error:1C800066:Provider routines::cipher operation failederror:030000BD:digital envelope routines::update error, )
06-Oct-2025 16:29:07.191943 bareos-sd (850): lib/message.cc:825-6 DIRECTOR for following msg: bareos-sd: ERROR in scsicrypto/scsicrypto-sd.cc:352 scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config (ERR=EVP_EncryptUpdate(): error:1C800066:Provider routines::cipher operation failederror:030000BD:digital envelope routines::update error, )
06-Oct-2025 16:29:07.191966 bareos-sd (1000): lib/crypto_openssl.cc:1558-6 SSL_get_error() returned no-error

While the job log will only show

06-Oct 16:29 bareos-sd JobId 6: 3305 Autochanger "load slot 1, drive 0", status is OK.
06-Oct 16:29 bareos-sd: ERROR in scsicrypto/scsicrypto-sd.cc:352 scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config (ERR=EVP_EncryptUpdate(): error:1C800066:Provider routines::cipher operation failederror:030000BD:digital envelope routines::update error, )
06-Oct 16:29 bareos-sd JobId 6: 3307 Issuing autochanger "unload slot 1, drive 0" command.
06-Oct 16:29 bareos-sd JobId 6: Warning: stored/acquire.cc:317 Read acquire: 06-Oct 16:29 bareos-sd JobId 6: 3301 Issuing autochanger "loaded? drive 0" command.

Additionally we propose a mathematical approach to generate the parameter when in systemtests/always-incremental

The KEK used in unwrapping is no longer exposed in the job log.
If you want to debug the operation, you need to raise the debug level to
1000.

fix bareos/internal/issues/413
@bruno-at-bareos bruno-at-bareos added this to the 25.0.0 milestone Oct 6, 2025
@bruno-at-bareos bruno-at-bareos self-assigned this Oct 6, 2025
@arogge arogge left a comment

Looks good to me. Thank you!

This approach will always work when the timestamp is converted back
to a string.

Signed-off-by: Bruno Friedmann <bruno.friedmann@bareos.com>
@bruno-at-bareos bruno-at-bareos force-pushed the dev/bruno/fix-issue-413-dont-expose-kek-in-logs branch from b0e4944 to 1039a35 Compare October 7, 2025 07:38
@BareosBot BareosBot merged commit 414131e into master Oct 8, 2025
1 check was pending
@BareosBot BareosBot deleted the dev/bruno/fix-issue-413-dont-expose-kek-in-logs branch October 8, 2025 08:15
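
An added example, not part of this PR or of Bareos: a small audit for existing logs, built on the message text of the level-1000 trace line quoted in the PR description. The pre-fix job-log line, the key value and the names `scan`, `LEAK_RE` and `LEVEL_RE` are assumptions constructed for illustration.

```python
import re

# Message text as it appears in the level-1000 trace line quoted in the PR.
LEAK_RE = re.compile(r"Failed to unwrap encryption key using (?P<secret>.+)$")
# Trace lines carry the debug level after the daemon name: "bareos-sd (1000): ".
LEVEL_RE = re.compile(r"^\S+ \S+ [\w.-]+ \((?P<level>\d+)\): ")
KEK_DEBUG_LEVEL = 1000  # level the PR names for debugging the unwrap operation

CONSTRUCTED_KEK = "EXAMPLE-KEK-constructed-not-real"  # constructed placeholder
SAMPLE = [  # constructed lines modelled on the formats shown in the PR
    "06-Oct-2025 16:29:07.191925 bareos-sd (1000): scsicrypto/scsicrypto-sd.cc:350-6 "
    "scsicrypto-sd: Failed to unwrap encryption key using " + CONSTRUCTED_KEK,
    "06-Oct 16:29 bareos-sd: ERROR in scsicrypto/scsicrypto-sd.cc:352 scsicrypto-sd: "
    "Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config",
    # Assumed shape of a job-log line written before the fix.
    "06-Oct 16:20 bareos-sd: scsicrypto-sd: Failed to unwrap encryption key using "
    + CONSTRUCTED_KEK,
]


def scan(lines):
    """Return (findings, redacted_lines); the key itself is never returned."""
    findings, redacted = [], []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        leak = LEAK_RE.search(line)
        if leak is None:
            redacted.append(line)
            continue
        level = LEVEL_RE.match(line)
        if level and int(level.group("level")) >= KEK_DEBUG_LEVEL:
            kind = "debug-trace"        # expected after the fix; protect the file
        else:
            kind = "job-log-exposure"   # key reached a job log or low-level trace
        findings.append({"line": lineno, "kind": kind,
                         "secret_len": len(leak.group("secret"))})
        redacted.append(line[:leak.start("secret")] + "[REDACTED]")
    return findings, redacted


if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    for f in found:
        print(f"line {f['line']}: {f['kind']} ({f['secret_len']} characters redacted)")
    print("\n".join(clean))
```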
Labels: bug (This addresses a bug), requires backport to 24