
Commit 2e36b80

Encrypt the email_address field on TeacherInvitation
As a general rule we'd try to avoid having personally identifiable information in the editor-api database. At the moment, however, the feature to generate email invitations has to live in this codebase. To improve the security of the email_address field, this commit ensures that it is encrypted against the keys introduced in the previous commit.

I thought I might have to use the `deterministic: true` option[1] here to allow the `find_by_token_for` method to work, but I've convinced myself using the existing tests and by experimenting in the console that this isn't the case. The generated token can be used to retrieve the TeacherInvitation record even when `email_address` is encrypted.

I've added a test to demonstrate that this non-deterministic encryption (that is, where a different value is generated each time encrypt is called even for the same input) is intended. The Rails guide suggests that this is the best practice unless we need to query by email address (which we currently don't need to do).

[1] https://guides.rubyonrails.org/active_record_encryption.html#deterministic-and-non-deterministic-encryption
1 parent 6148ed7 commit 2e36b80

2 files changed

+8
-0
lines changed


app/models/teacher_invitation.rb

Lines changed: 1 addition & 0 deletions
@@ -8,6 +8,7 @@ class TeacherInvitation < ApplicationRecord
88
format: { with: EmailValidator.regexp, message: I18n.t('validations.invitation.email_address') }
99
validate :school_is_verified
1010
after_create_commit :send_invitation_email
11+
encrypts :email_address
1112

1213
generates_token_for :teacher_invitation, expires_in: 30.days do
1314
email_address
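Review bot: adding `encrypts :email_address` without a data migration means any TeacherInvitation rows already stored in plaintext will raise `ActiveRecord::Encryption::Errors::Decryption` on read unless `config.active_record.encryption.support_unencrypted_data` is enabled; either backfill existing rows (for example `TeacherInvitation.find_each(&:encrypt)`) or state in the commit message that the table is empty in every environment. Separately, the `generates_token_for` block still returns `email_address`, and Rails places the block's value in the token payload, which is signed with a MessageVerifier but not encrypted, so the plaintext address is recoverable by base64-decoding any invitation token that goes out by email; if the aim is to keep the address confined to the encrypted column, return a digest of it from the block instead, which still invalidates the token when the address changes.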

spec/models/teacher_invitation_spec.rb

Lines changed: 7 additions & 0 deletions
@@ -64,4 +64,11 @@
6464

6565
expect(invitation.school_name).to eq('school-name')
6666
end
67+
68+
it 'non-deterministically encrypts the email_address' do
69+
school = create(:verified_school)
70+
described_class.create!(email_address: '[email protected]', school:)
71+
72+
expect(described_class.find_by(email_address: '[email protected]')).to be_nil
73+
end
6774
end
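Review bot: the new example only asserts a negative, that `find_by(email_address: ...)` returns nil, which shows the lookup no longer matches but never checks the positive property the test name claims, and a nil from `find_by` does not by itself distinguish non-deterministic ciphertext from, say, a normalised stored value. Consider creating two invitations with the same address and asserting `invitation_a.ciphertext_for(:email_address) != invitation_b.ciphertext_for(:email_address)`, plus `expect(invitation.reload.email_address).to eq(...)` to show the value still decrypts. The commit message also says `find_by_token_for` was verified in the console; if no existing spec already round-trips `generate_token_for(:teacher_invitation)` through `find_by_token_for`, this spec is the place to add it.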
