Trident Protect stores the encryption key in the repository

[sithglan]

Describe the solution you'd like
Trident Protect Backups are stored unencrypted or the encryption key is stored in the AWS bucket. This makes it easy for third parties that host the S3 bucket to compromise the data. In order to use trident protect in any serious company backups need
to be encrypted.

Describe alternatives you've considered
At least it should be possible to configure the encryption key for kopia/restic when configuring trident protect. Better woule be if all data in the repository would be encrypted as it is the default with restic.

Additional context

(midi) [~/tg1980] cat wordpress_1dbfbd5b-0b3f-4222-902c-b3563e5246b7/kopia/wordpress/data-wordpress-mariadb-0_3d399cec-2383-49da-bf13-37861ff027e0/kopia.repository
{
  "tool": "https://github.com/kopia/kopia",
  "buildVersion": "0.17.0",
  "buildInfo": "89c8eb47af2e1d5c1d14fe299a0cf7eaac095abf",
  "uniqueID": "IqAx9cKzL2K7jleVEFpHqm4B2u33K7cgcuDIHVdptFM=",
  "keyAlgo": "scrypt-65536-8-1",
  "encryption": "AES256_GCM",
  "encryptedBlockFormat": "qN5Xh0oJLjI4E7hIJ783TWE7vo/6IPctN9d6wJyVGC2Vg6hHArJ7gqT08VMXX1zLonGuWS+CBWlvOp+fC6sDlWDjH9qdk8Qb2Bow33wa/KEQiENIBPiH4MacCrogwelq2Sv+XaQocFb7kO9qRm0HuCGDRp7BzDX5BID2SdwciV4Z/M+Ov1AQAkcn+Fasji+z05kCOCMDtGGto2x7cIzdVenB7lSHrrvIB89wIdiyI86x8scX2O66VuL13z2CTZsoeoeYGv6zyY4QCNe8CxZ0yhTSiULn2eWo85AKyH+ElqjR6GqP5w/rnPb/7hD8h0c85LMzOvIkFXUCydJU1yhMJjn84dLN/m+6R1PJvhbmf7Kni2o3xiHvb76Soez8PC19yhEpCJbBq2Hld45a0vkz3B028fq/zmbZ67UNKN7EFoyRT+3urGuDY7p+PXbHhZp5A14N71/Ur1/BLL9x4cHwq6eRvZfB3Z7ZtZoTRIvm7Wqm6tqJowhJ4pddJRm7rzHVEvkZH/vglcdq4safW3e8BrQUfG/5cDEy4S2DIXwwyO1XkA+igzUjJTXBKTog0oA8jHIdfssluhwXNkbbgXhRXOZEr+1S6WsVxVO7rw32hqtFTNE5p1bhTK5kAR/FRB0v8Ty1aeK83gG9qOkJ+SDQtEje9vBaSxKyBDeQSsvPSxAY3eSKmvOsXyiJZPR6Zv80NHoyHGmKMYb8FFFoKU3l1oEUJjKLlwTc8kmC4+GYXVCFRf4NJGnrbuFZprTiks1H4vcNoVL1mrl/yBV6fcheawmCdHIIv2iCZYdrwCI3+Q=="
}