Our AES encryption/decryption methods were primarily intended for
internal use, but a use case has cropped up that requires using a custom
encryption key. This change adds that support, and improves the naming
of our encryption/decryption methods to spell out that they're for AES
specifically. The old methods remain but raise deprecation warnings.

There's also a new method for getting the default AES encryption key,
preventing callers from having to do their own logic here if they want
to supply the same key to an encryption method.

Unit tests pass.