Replace the "Encryption" settings with a new settings tab

[richvdh]

Currently, the "Security & Privacy" settings tab has a very confusing set of options relating to encryption. As a result of this, the UX was revisited to ensure a straightforward UX when it comes to enabling key storage and setting up recovery, as well as make sure that EW and EX are consistent. The plan is as follows:

1. A new top-level menu item Encryption:
   1. The primary purpose of this is enabling/disabling the Key storage and setting up Recovery.
   2. Since the new designs use the term Recovery Key, the term Security Key needs to be replaced with Recovery Key throughout the UI.
   3. The secondary purpose is the Advanced section which contains other encryption-related settings or actions which are already supported on EW and which we want to keep long-term but which are only used rarely or used by power-users:
      1. Show session details - power users.
      2. Export/import keys manually - power users.
      3. Reset cryptographic identity (this should reset everything - e.g. cross-signing keys and key storage) - in case of compromise of user keys.
      4. Not sending messages to unverified devices/users - power users or very paranoid users.
2. As a result of the previous point, the existing Security & Privacy menu item should no longer contain the functionality that was moved to the Encryption menu item:
   1. Remove Security & Privacy > Secure Backup section.
   2. Remove Security & Privacy > Cross-signing section.
   3. Remove Security & Privacy > Cryptography section.
   4. There is also a new design for the Security & Privacy menu item due to the above but not only - it contributes to the UX of this section in other ways. (Note that some parts of implementing this design are not included in this task, but are covered in Update the Security & Privacy tab in Settings to match designs #29863 )

There are also 2 adjacent pieces which greatly support having a better and more consistent UX to make the crypto "invisible" and support the rollout of the exclusion of insecure devices:

1. Updating the identity reset flow, so it no longer embeds the setup of the recovery.
2. As a consequence of the above - show a toast & a red dot next to the Encryption menu item when recovery is not set up.

The work comprises the following tasks (in order of priority):

• Enable key backup by default #28691
• Add Recovery section in the new user settings Encryption tab #28673
• Add Advanced section to the user settings encryption tab #28804
• Implement "reset cryptographic identity" flow in new Encryption settings #28977
• Add key storage toggle to Encryption settings #29310
• Add key storage out of sync toast (Add toast for secret keys being out of sync #28946)
• Remove Secure Backup, Cross-signing and Cryptography sections in Security & Privacy user settings #29088
• Rename "security key" into "recovery key" #29217

Out of scope:

• Update the Security & Privacy tab in Settings to match designs #29863

Original report

Key Backup section in User Settings is very confusing

The current UI of EW for enabling key storage and setting up recovery, is very confusing. A list of example problems:

• It implies that this is only needed "in case you lose access to your sessions". This is incorrect; it is needed so that you can get access to the messages on any new device.
• It is unclear what the "Your keys will be secured with a unique Security Key" means. What is this "security key"? Perhaps its talking about the 4S "recovery key" (cf UX: is it a Security Key or a Recovery Key element-meta#2394)?
• The buttons make no sense at all:
  • Restore from backup" wedges your entire UI (Restore keys (from secure online backup) in background rather than foreground #20694). It doesn't seem like a useful operation anyway.
  • The goal of the "Reset" button is unclear (it's probably meant to just reset the backup, but also ends up resetting 4S, and makes a mess of it).
  • The "Delete" button only deletes the most recent key backup. Its behaviour is very confusing
• The UI does not make clear whether the backup is signed with a trusted key. On the contrary, it says: "This session is not backing up your keys, but you do have an existing backup you can restore from and add to going forward." Which is incorrect.
• In the "Advanced" section:
  • What are the possible values for each of the first four entries? What do they mean?
  • Why is information about "Secret Storage" listed here? 4S is useful for things other than key backup so it's an odd place to hide info about it.