Require `:encryption` for string settings (#48067)

* Require `:encryption` for string settings

For settings that are not typed as JSON, CSV, or strings, encryption now
defaults to `:no` (*except* if you have
explicitly marked your setting as `:sensitive?` - these will default to
`:when-encryption-key-set`).

I went through all our settings and provided what I think are reasonable
values here. I tried to be conservative - when I wasn't sure whether a
stored setting was sensitive, I kept it as encrypted. For example, the
`ldap-port` setting is probably non-sensitive but theoretically someone
could be using a weird port for security-by-obscurity, so I kept that
encrypted.

* Change possible values for `:encryption`

`:maybe` was confusing: let's be more explicit that the value will be
encrypted `:when-encryption-key-set` to make it obvious what actually
turns encryption on and off.