replace pycryptodome with pyca/cryptography 2.0.3

[redshiftzero]

Status

Ready for review

Description of Changes

Fixes #3399, remix of #3400

See #3441 for why cryptography 2.0.3 is what we'll need to install in 0.8.0

Testing

The integration tests and the secure tempfile unit tests here do test this functionality.

In addition, one can manually test by submitting a file that is greater than 512KB and ensuring that you can successfully decrypt it.

Deployment

It will install without issue on existing and new installs

Checklist

If you made changes to the server application code:

• Linting (make ci-lint) and tests (make -C securedrop test) pass in the development container

[redshiftzero]

On the build on 117acb664588c8664f23ee0101279e35bf601279, there is a test failure on tests/test_secure_tempfile.py::test_buffered_read, only the first 1024 bytes are being decrypted properly

[codecov-io]

Codecov Report

Merging #3458 into develop will increase coverage by 0.05%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #3458      +/-   ##
===========================================
+ Coverage    85.87%   85.93%   +0.05%     
===========================================
  Files           34       34              
  Lines         2167     2175       +8     
  Branches       241      241              
===========================================
+ Hits          1861     1869       +8     
  Misses         250      250              
  Partials        56       56

Impacted Files	Coverage Δ
secure_tempfile.py	100% <0%> (ø)	⬆️
crypto_util.py	96% <0%> (+0.04%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aee07c8...7a35752. Read the comment docs.

[redshiftzero]

Hey @emkll, take a look at this one when you get a chance 😇

[emkll]

Changes look good to me, thanks @reaperhulk and @redshiftzero !