Support S3 KMS Encryption

[elliottpope]

Is your feature request related to a problem? Please describe.

I have an S3 bucket SSE-KMS enabled (i.e. using this method of S3 object encryption). The FluentD S3 Output Plugin supports providing the SSE parameters to implement this but I cannot determine how to inject those parameters using the s3 ClusterOutput

Describe the solution you'd like

I would like the S3 Output Plugin API to support:

• sse: bool. To enable/disable encryption (defaults to AWS S3-SSE using AWS managed keys)
• sseKMSKeyID: string. To provide the ARN of the KMS key to be used if using a custom key
• sseCustomerAlgorithm: string, sseCustomerKey: string, sseCustomerKeyMD5: string. For S3-KMS with Customer Managed Keys

I would like to be able to configure the FluentD S3 Output plugin using this operator to upload objects to S3 encrypted using a KMS managed key that I provide

Additional context

I believe you would just need to add additional parameter mappings here and here to support the following parameters from here: use_server_side_encryption, ssekms_key_id, sse_customer_algorithm, sse_customer_key, sse_customer_key_md5 (those last few are for the Customer Provided Key case which is not my use case)