feat: add age and helpers to image for encryption of plan.cache

I'd like to show how easy it is to run your Infrastructure-as-Code by making it public, so we can learn from each other. Doing so requires cryptograhy to protect my secrets. A common solution is using Mozilla's sOps with age for encryption. So let's encrypt the plan.cache (which is just a plain ZIP file after all) with age, too. Also make it easy while at it.

Example project at https://gitlab.com/dekarl/homelab/-/blob/master/.gitlab-ci.yml needs just 11 lines of gitlab-ci including documentation (once the calls to en-/decrypt make it to the template)

PS: The test case contains the private key in plain. That's on purpose. Move it to a protected variable in production.