Verify footer tags when reading encrypted Parquet files with plaintext footers

[rok]

Which issue does this PR close?

From #7255

Follow up task to #6637, which adds initial support for reading files that use Parquet modular encryption.

The Parquet format allows encrypting some or all column data while keeping footers in plaintext for compatibility with readers that don't support encryption. Readers that support encryption can still verify the integrity of the footer though, as a 28 byte nonce and GCM tag are written after the plaintext footer metadata (see https://github.com/apache/parquet-format/blob/master/Encryption.md#55-plaintext-footer-mode).

This should be supported in arrow-rs to allow readers to verify the integrity of plaintext footers.

This should probably be optional, eg. in C++ Parquet there's a FileDecryptionProperties::Builder::disable_footer_signature_verification method to allow disabling this.

Closes #7255.

Rationale for this change

This adds a mechanism that willl prevent tampering with metadata.

What changes are included in this PR?

This adds a read-time integrity verification of footer metadata of read file.

Are there any user-facing changes?

Users get an opaque integrity verification check by default (will throw if failed) and can choose to opt out by calling FileDecryptionProperties::Builder::disable_footer_signature_verification method.

[rok]

@adamreeve I've addressed your feedback, do you think this is ready for a final pass by @alamb ?

[adamreeve]

This is looking pretty good to me although I've got one further comment.

[adamreeve]

LGTM thanks Rok

[rok]

@alamb this and #7439 are ready for review (in this order) for when you can spare some time.

[alamb]

Looks reasonable to me -- thank you @rok and @adamreeve