I am including an updated version of this patch series; it has been rebased onto 6ec62b7799 and reworked somewhat.
The patches are as follows:
0001 - doc updates
0002 - Basic key management and cipher support
0003 - Backend-related changes to support heap encryption
0004 - modifications to bin tools and programs to manage key rotation and add other knowledge
0005 - Encrypted/authenticated WAL
These are very broad strokes at this point and should be split up a bit more to make things more granular and easier to review, but I wanted to get this update out.
Of note, the encryption supported in this release as exposed to the heap level is AES-XTS-128 and AES-XTS-256. There is built-in support for CTR and GCM; however, based on other discussions related to how to store the additional authenticated data on the page, GCM has been removed from the list of supported ciphers. This could certainly be enabled in the future; however, the other pieces that this patchset provides would enable TDE without the additional block size/storage concerns.