Encrypting Secret Data at Rest (#8574)

* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation

* fix MD012/no-multiple-blanks

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -144,7 +144,7 @@ controller_manager_extra_volumes: {}
 kube_encrypt_secret_data: false
 kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
 # Must be either: aescbc, secretbox or aesgcm
-kube_encryption_algorithm: "aescbc"
+kube_encryption_algorithm: "secretbox"
 # Which kubernetes resources to encrypt
 kube_encryption_resources: [secrets]