Strip by default in tools/encrypt_secret

Trailing whitespace (newlines) in secrets is almost
never what people want, but it's easy to leave them in
and then wind up with hard to debug issues. Switch the
defaut - make a new option "--no-strip" that will disable
the behavior.

Change-Id: I46947e38807b55e5cc3bacc060f5d41a63b564b8

releasenotes/notes/strip-encrypt-secret-87b06dc887312117.yaml

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The default behavior of the ``tools/encrypt_secret.py``
+    helper script is now to strip incoming input of leading
+    and trailing whitespace. A new ``--no-strip`` option
+    has been added to support people with secrets that contain
+    valid leading or trailing whitespace.

tools/encrypt_secret.py

@@ -56,8 +56,11 @@ def main():
                         default=None,
                         help="The name of the Zuul tenant.  This may be "
                         "required in a multi-tenant environment.")
-    parser.add_argument('--strip', action='store_true', default=False,
+    parser.add_argument('--strip', default=None,
-                        help="Strip whitespace from beginning/end of input.")
+                        help='Unused, kept for backward compatibility.')
+    parser.add_argument('--no-strip', action='store_true', default=False,
+                        help="Do not strip whitespace from beginning or "
+                        "end of input.")
     parser.add_argument('--infile',
                         default=None,
                         help="A filename whose contents will be encrypted.  "
@@ -119,7 +122,7 @@ def main():
         plaintext = sys.stdin.read()
 
     plaintext = plaintext.encode("utf-8")
-    if args.strip:
+    if not args.no_strip:
         plaintext = plaintext.strip()
 
     pubkey_file = tempfile.NamedTemporaryFile(delete=False)