Add per-item encryption/authentication to the cloud log storage.

We should generate encrypted data and decrypt it again on read, but we
don't yet enforce only reading data which passes the integrity check.