ccl/cliccl: avoid opening Engine in debug encryption-decrypt

[jbowens]

Adapt the debug encryption-decrypt command to avoid actually opening the Engine and instead only open the filesystem environment. This allows the command to be used even when missing or corrupt files prevent the Engine from being opened.

Epic: none
Fix #96699.
Release note: none

[blathers-crl]

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.}

[cockroach-teamcity]

This change is 

[jbowens]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @sumeerbhola)

---

pkg/ccl/cliccl/ear_test.go line 163 at r1 (raw file):

		cmd.SetOut(&b)
		cmd.SetErr(&b)
		require.NoError(t, cmd.Flags().Set("enterprise-encryption", encSpecStr))

I'm really perplexed as to how this test ever passed without this?

[jbowens]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @sumeerbhola)

---

pkg/ccl/cliccl/ear_test.go line 163 at r1 (raw file):

Previously, jbowens (Jackson Owens) wrote…

I'm really perplexed as to how this test ever passed without this?

Ah, right, the file registry is not encrypted. I think this is a fine additional restriction to require the --enterprise-encryption flag, but lemme know your thoughts

[sumeerbhola]

Reviewed 4 of 4 files at r1, all commit messages.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @jbowens)

---

pkg/ccl/cliccl/ear_test.go line 163 at r1 (raw file):

Previously, jbowens (Jackson Owens) wrote…

Ah, right, the file registry is not encrypted. I think this is a fine additional restriction to require the --enterprise-encryption flag, but lemme know your thoughts

I don't really have an opinion

[jbowens]

TFTR!

bors r=sumeerbhola

[craig]

Build succeeded:

• Bazel Essential CI (Cockroach)
• macos_amd64_build
• macos_arm64_build
• windows_build