Encrypt the PostgreSQL data dir on the replica (centaurus)

encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public

Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit.

Refs #129
Greg Karékinian
2020-05-15 18:41:31 +02:00
parent 4475af9204
commit 55b1cbc1d7
4 changed files with 49 additions and 0 deletions

@@ -29,6 +29,7 @@ postgresql_service = "postgresql@#{postgresql_version}-main"
postgresql_custom_server postgresql_version do
role "replica"
encfs true
end
service postgresql_service do
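Review bot: `encfs true` in the `postgresql_custom_server` block for the replica relies on an encfs volume that, per the commit message, has to be created by hand because encfs runs its configuration assistant interactively, and nothing in this hunk records or checks that prerequisite. Add a comment above `encfs true` that points to the manual setup steps, since they currently live only in the commit message. Also consider guarding the `service postgresql_service` resource that follows so that PostgreSQL is not started when /var/lib/postgresql is not the mounted encfs volume; if the mount is missing on a rebuilt node, the replica would otherwise write its data to the plain directory.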