Encrypt the Postgresql data dir on the replica (centaurus)

encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit

Refs #129

site-cookbooks/kosmos-postgresql/templates/mount_pg_encfs.erb

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/bin/echo "<%= @password %>" | encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public -S