Support booting from an unencrypted dataset on a pool with encryption active

grub-probe fails when called on a dataset in a pool with feature@encryption=active. When grub2 is booted, it returns an error and drops to the rescue console. See https://github.com/zfsonlinux/zfs/issues/7153 and https://github.com/zfsonlinux/grub/issues/24 for more details.

Make it not reject whole pools with the feature active, but only datasets with encryption enabled.

Other ways of booting from a pool with encrypted datasets (and possibly from an encrypted dataset) are:

• Putting the kernels on a separate pool (outside the BE dataset). Making this work with boot environments (a different set of kernels for each BE) would probably be complex to implement.
• Having a kernel on a separate pool that would open the encrypted pool, load the BE's kernel and kexec into it. This also requires some additional work.