Enable CONFIG_CRYPTO_XTS for each kernel, so we can switch to using
aes-xts-plain64 as default cipher for cryptsetup (override with
"pmbootstrap --cipher"), instead of aes-cbc-plain64 (pmbootstrap#1940).

I have executed "pmbootstrap kconfig edit" on each kernel, and manually
toggled the option. The diff is not always clean, because for some
kernels it is apparently the first time, that menuconfig was executed on
the configs like that. In a few instances, it turned out that
CONFIG_ANDROID_PARANOID_NETWORK needed to be disabled too (this is
already a requirement, but as the config was incomplete, it was not
visible that this option was enabled). Very few times, I had to enable
CONFIG_EXPERIMENTAL in order to see and enable CONFIG_CRYPTO_XTS.

It would be great if we could automate such mass kconfig edits in the
future, see pmbootstrap#1942.

[skip ci]: I have verified, that every single one of these kernels builds.
           CI will likely run out of time while downloading source tarballs.