This change allows optionally using "custom" types of encrypted folders,
via a user-provided executable command, but only if the encrypted folder
path doesn't already contain an EncFS configuration file.

I've re-used the `PADLOCK_CMD` variable which seems to have remained in
the `debops` library (even if unused).

This was prompted because I was looking for a way to integrate
debops-padlock with [gocryptfs][]. In my case I have a gocryptfs
encrypted folder in `ansible/.encfs.secret/gocryptfs` and a script under
`ansible/.encfs.secret/padlock` like this:

    #!/bin/sh

    extpass="..."
    exec gocryptfs -extpass="$extpass" $1/gocryptfs $2

[gocryptfs]: https://github.com/rfjakob/gocryptfs "gocryptfs"