Description
Is your feature request related to a problem?/Why is this needed
In brief, we need to encrypt data at rest using a per-tenant key when storing customer data on EBS. We're currently thinking that the best way to fulfill this requirement is to use fscrypt, which works at the kernel level and just requires the ext4 filesystem to be formatted with the -O encrypt option.
This option cannot be set at the StorageClass level with any option, as far as I can see.
/feature
Describe the solution you'd like in detail
FWIW, mount-utils supports arbitrary options to be passed to mkfs.ext4, so it would be just a matter of adding one more ext4 specific option to the storage class parameters.
This option could be plumbed through and passed to mount-utils similarly to other options (example here).
Describe alternatives you've considered
We've considered doing this on our own, basically through a DaemonSet that looks for EBS volumes mounted on the host that match certain characteristics and calls tune2fs -O encrypt /dev/device on them, but it sounds like a brittle solution.
Obviously this would be the first step, in order to get this to production, but ideally we hope that we can get rid of this workaround and rely on a first-class option in the StorageClass.
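As an added illustration of the two paths described above (not code from this issue or from the EBS CSI driver), the shell functions below enable the ext4 encrypt feature idempotently: a new volume is formatted with mkfs.ext4 -O encrypt, while an already-formatted volume is checked via tune2fs -l before tune2fs -O encrypt is run. The device path and the helper names are assumptions; tune2fs and mkfs.ext4 come from e2fsprogs and need root.

```shell
#!/bin/sh
# Added example: enable the ext4 "encrypt" feature (fscrypt prerequisite) on a device.

# Return 0 if a "Filesystem features:" line (as printed by `tune2fs -l`)
# already lists the "encrypt" feature.
features_have_encrypt() {
    line=$(printf '%s\n' "$1" | sed 's/^Filesystem features:[[:space:]]*//')
    for f in $line; do
        [ "$f" = "encrypt" ] && return 0
    done
    return 1
}

# Read the feature line of an existing ext4 filesystem on a block device.
device_features() {
    tune2fs -l "$1" 2>/dev/null | grep '^Filesystem features:'
}

# Path 1 (what the StorageClass option would do): format a fresh volume
# with the encrypt feature set at mkfs time.
format_with_encrypt() {
    mkfs.ext4 -O encrypt "$1"
}

# Path 2 (the DaemonSet workaround): for an existing filesystem, enable the
# feature only if it is not already present, so re-runs are harmless.
ensure_encrypt() {
    dev="$1"
    feats=$(device_features "$dev") || return 1
    if features_have_encrypt "$feats"; then
        echo "$dev: encrypt feature already present"
        return 0
    fi
    tune2fs -O encrypt "$dev"
}
```

The feature check parses only the tune2fs feature line, so it can be unit-tested offline with constructed input before being wired into the DaemonSet.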
Additional context
More details about fscrypt here and [here](https://github.com/google/fscrypt).