Add script to reencrypt pillar data
    
    This scripts can be used to reencrypt all pillar data with an updated
    list of recipients. It does of course not prevent anyone from checking
    out an old revision and decrypt this data, so good practice would still
    require to rotate secrets when the list of recipients is changed.
    
    Example usage:
    
        ./bin/reencrypt_pillar.py -r --recipients-file encrypted_pillar_recipients pillar