* disable endless retry logic
- we should do the retry logic at application cmd/ro, cmd/ro will need to
deal with keyboard interrupts as well
* update test self-signed certificate with a expiry of 100 years
* ro tool supports retries after getting delegation errors
This change addresses several points:
1. The integration tests didn't verify that delegations could be used
for decryption following a restore. The integration tests now
verify this.
2. There was no functionality for clearing persisted delegations if
needed. The vault admin can now do this via the command line tool.
3. Restoring active delegations wasn't storing the key with the
delegation. Keys are now serialised properly.
4. [Minor] The MSP package now reports the name of the offending user
when it can't find a user name in the database.
The "minimum" parameter was ignored, so when a single user
was provided as an owner, the encrypted data had no KeySet value
and could not be decrypted.
This change fixes the API and cryptor to pay attention to the Minimum
parameter and handle the case where Minimum is 1
