Don't encrypt using AEAD by default
AEAD is not yet widely supported and isn't even fully standardized.
I think it is reasonable to create keys that claim we support AEAD (since we do), but if Sequoia encrypts to a key that claims to support AEAD, we shouldn't right now. Perhaps in a year or so.