Add support for NanoTDF plaintext policy

[jrschumacher]

The current implementation of nanoTDF in the SDK only supports encrypted policy. The nanoTDF spec explicitly supports encrypted and plaintext policy.

The current need of plaintext policy is to both be compatible with Base TDF (ZTDF), but also to enable reading the policy for visibility trimming without the need to over-privledge service accounts.

See spec: opentdf/spec@main/schema/nanotdf/README.md

This was implemented in Go and KAS opentdf/platform#2182