This commit fixes a bug in the operator when users provide their own
encryption keys.

When we retrieved existing encryption keys (to ensure we don't generate a new
one), we retrieved *all of them* including user-provided ones.
We then merge the user-provided configuration, which also includes user-provided
encryption keys. So everytime we reconcile the configuration, we duplicate
the user-provided encryption keys into the reconciled config secret. Because this
secret changes, all Pods get rotated automatically.
This results in a never-ending config update (growing forever) and pod rotation.

This commit fixes it by ensuring the operator always manages the first encryption key.
This first key is the only one that gets reused. User-provided keys are then appended
to the list of keys.

This allows the following use case:
- deploy ent search with no encryption key: you get a generated one
- add your own custom encryption keys: it is appended to the array after
the generated one. Transition is smooth. If we were to replace the generated
one in that case, Enterprise Search would not be able to decrypt data.