Today we have secure deletion only for the device as a whole (powerwash). We should add a way for secure deletion of individual files so that after a user has been removed from the device, we can
* permanently delete their out-of-cryptohome metadata and
* permanently delete the vault keyset of their cryptohome to prevent access even when a local attacker knows, or is able to brute-force, the user's password.

(There might be other use cases.)