TXT record encryption AES key length check is broken

[meyfa]

This was previously reported in #3992 but is still relevant (can still be reproduced).

What happened:

external-dns pod was crashing because of "the AES Encryption key must have a length of 32 bytes" after following the documentation, using a url-base64 encoding for the key.

Instead, using a 32 character-long string "works", meaning that the key is successfully taken by external-dns but it then fails with other errors related to old TXT records not being encrypted.

Moreover, 32 characters are not 32 bytes of entropy, because people will likely use only alphanumerical characters. As such, it should be discouraged to just update the documentation to use 32 characters.

What you expected to happen:

external-dns should pick the key, decode it using base64 and use it to encrypt/decrypt TXT records

How to reproduce it (as minimally and precisely as possible):

Use the following arguments, which should be valid according to the documentation but actually prevent external-dns from starting:

--txt-encrypt-enabled
--txt-encrypt-aes-key=ZPitL0NGVQBZbTD6DwXJzD8RiStSazzYXQsdUowLURY=

On the other hand, this configuration works:

--txt-encrypt-enabled
--txt-encrypt-aes-key=01234567890123456789012345678901

Anything else we need to know?:

Environment:

• External-DNS version (use external-dns --version): v0.15.1
• DNS provider: Cloudflare

cc @bennesp @lnhrdt from the previous issue