fix: Make conversion from FileDecryptionProperties to ConfigFileDecryptionProperties fallible

[adamreeve]

Which issue does this PR close?

• Closes Conversion from FileDecryptionProperties to ConfigFileDecryptionProperties should be fallible #21602.

Rationale for this change

Fail quickly with a helpful error if we're unable to represent a FileDecryptionProperties instance as ConfigFileDecryptionProperties

What changes are included in this PR?

• Change the implementation of From<&Arc<FileDecryptionProperties>> for ConfigFileDecryptionProperties to TryFrom.
• Fail the conversion if we can't get the footer key from the FileDecryptionProperties with empty metadata

Are these changes tested?

Yes I've added a new unit test.

I also tested this with a branch of delta-rs that uses Datafusion with Parquet encryption, and this required only minor changes to tests and examples: corwinjoy/delta-rs@file_format_options_squashed...adamreeve:delta-rs:test-datafusion-change

Are there any user-facing changes?

Yes, this is a breaking API change.

[kumarUjjawal]

This still depends on footer_key(None) failing. A key retriever can return a footer key even when it still cannot represent the full decryption config. In that case thisconversion can still succeed, but column_keys() is empty and we silently lose the column decryption info. Can we reject all key-retriever-based FileDecryptionProperties directly and add a test for that case?

[adamreeve]

Yes, that's not currently possible with the public API of FileDecryptionProperties but I can follow up and change that too. I think it would still make sense to make this current change and then improve this later once arrow-rs allows it.

[kumarUjjawal]

Sure, Please open a follow-up issue and link it here so that it is tracked. Also handle the upgrade note.

[kumarUjjawal]

This changes a public API from From to TryFrom, so downstream code using (&decrypt).into() or ConfigFileDecryptionProperties::from(&decrypt) will stop compiling. Can we add an upgrade note for this change.