only create a backup of the current encryption key on 3.8+

* remove check in 3.7 test
* ghe-secrets-init will create a new current encryption key if it doesn't exist
  https://github.com/github/enterprise2/blob/a97cc4b077b8f8be2772959c07e2d0ca729fd079/vm_files/usr/local/share/enterprise/ghe-secrets-init#L505
  since this is restoring from a backup, we need the current encryption
  key to match a value that was backed up in encryption keying material
  because encryption keying material is used to decrypt

Author: KyFaSt

share/github-backup-utils/ghe-backup-settings

@@ -83,8 +83,10 @@ backup-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-s
 # this is for forwards compatibility with GHES 3.8.0 onwards
 if [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.7.0)" ]; then
   backup-secret "encrypted column encryption keying material" "encrypted-column-encryption-keying-material" "secrets.github.encrypted-column-keying-material"
-  echo "ghe-config 'secrets.github.encrypted-column-keying-material' | sed 's:.*;::' > encrypted-column-current-encryption-key" |
-  ghe-ssh "$host" /bin/bash
+fi
+
+if [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.8.0)" ]; then
+  cat "$GHE_SNAPSHOT_DIR/encrypted-column-encryption-keying-material" | sed 's:.*;::' > "$GHE_SNAPSHOT_DIR/encrypted-column-current-encryption-key"
 fi
 
 backup-secret "secret scanning encrypted secrets current storage key" "secret-scanning-encrypted-secrets-current-storage-key" "secrets.secret-scanning.encrypted-secrets-current-storage-key"

test/test-ghe-backup.sh

@@ -586,7 +586,6 @@ begin_test "ghe-backup takes backup of encrypted column encryption keying materi
 
   required_files=(
     "encrypted-column-encryption-keying-material"
-    "encrypted-column-current-encryption-key"
   )
 
   for file in "${required_files[@]}"; do