Serve encrypted images in Vault Notes

As described at https://www.amplenote.com/help/security_images_and_other_uploaded_content, it is implausible that an actor could discover Amplenote images, but there is the potential that an Amplenote image could be leaked if its author were to share the image URL somewhere where it could be picked up by a scraper. For this task, we could guard against this possibility by generating image data that would be E2E encrypted (with vault-password-derived key) so even if URL is guessed it would be useless (and Amplenote can't decrypt, just like with vault note content).