Encrypt PEM files with AES

[ckauf]

elasticsearch-certutil uses DES-EDE3-CBC for encrypting private keys when writing them to PEM files.

It should be considered to move to an AES based one.

[elasticmachine]

Pinging @elastic/es-security (:Security/Network)

[tvernum]

See: CertificateTool.getEncrypter