internal/age: remove EncryptWithArmor and armor support in Decrypt

The caller can take care of the armor. For consistency move the
responsibility to close the armor to the caller, and make the stream
Writer not propagate Close.

This also will also allow us to spin the armor implementation out into
its won package that imports format, without getting an import loop from
format.Parse magically invoking armor decoding.

Less magic in the API, more magic in the CLI.

internal/stream/stream.go

@@ -132,14 +132,14 @@ func setLastChunkFlag(nonce *[chacha20poly1305.NonceSize]byte) {
 
 type Writer struct {
 	a         cipher.AEAD
-	dst       io.WriteCloser
+	dst       io.Writer
 	unwritten []byte // backed by buf
 	buf       [encChunkSize]byte
 	nonce     [chacha20poly1305.NonceSize]byte
 	err       error
 }
 
-func NewWriter(key []byte, dst io.WriteCloser) (*Writer, error) {
+func NewWriter(key []byte, dst io.Writer) (*Writer, error) {
 	aead, err := chacha20poly1305.New(key)
 	if err != nil {
 		return nil, err
@@ -178,21 +178,19 @@ func (w *Writer) Write(p []byte) (n int, err error) {
 	return total, nil
 }
 
-// Close will flush the last chunk and call the underlying
-// WriteCloser's Close method.
+// Close flushes the last chunk. It does not close the underlying Writer.
 func (w *Writer) Close() error {
 	if w.err != nil {
 		return w.err
 	}
 
-	err := w.flushChunk(lastChunk)
-	if err != nil {
-		w.err = err
-		return err
+	w.err = w.flushChunk(lastChunk)
+	if w.err != nil {
+		return w.err
 	}
-	w.err = errors.New("stream.Writer is already closed")
 
-	return w.dst.Close()
+	w.err = errors.New("stream.Writer is already closed")
+	return nil
 }
 
 const (