[ESP32] Support for using encrypted app binary for OTA upgrades (#26978)

* [ESP32] Link wpa_supplicant library to libchip

* [ESP32] Support for using encrypted app binary for OTA upgrades

* Changes in application code

* Guide for how to use encrypted ota

* remove ota configs from sdkconfig.defaults

* Added few words to wordlist

* changed keypair to "key pair"
diff --git a/src/platform/ESP32/OTAImageProcessorImpl.h b/src/platform/ESP32/OTAImageProcessorImpl.h
index 5d0775c..03e1367 100644
--- a/src/platform/ESP32/OTAImageProcessorImpl.h
+++ b/src/platform/ESP32/OTAImageProcessorImpl.h
@@ -23,6 +23,10 @@
 #include <platform/CHIPDeviceLayer.h>
 #include <platform/OTAImageProcessor.h>
 
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+#include <esp_encrypted_img.h>
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
 namespace chip {
 
 class OTAImageProcessorImpl : public OTAImageProcessorInterface
@@ -38,6 +42,13 @@
     bool IsFirstImageRun() override;
     CHIP_ERROR ConfirmCurrentImage() override;
 
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+    // @brief This API initializes the handling of encrypted OTA image
+    // @param key null terminated RSA-3072 key in PEM format
+    // @return CHIP_NO_ERROR on success, appropriate error code otherwise
+    CHIP_ERROR InitEncryptedOTA(const CharSpan & key);
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
 private:
     static void HandlePrepareDownload(intptr_t context);
     static void HandleFinalize(intptr_t context);
@@ -54,6 +65,14 @@
     const esp_partition_t * mOTAUpdatePartition = nullptr;
     esp_ota_handle_t mOTAUpdateHandle;
     OTAImageHeaderParser mHeaderParser;
+
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+    void EndDecryption();
+
+    CharSpan mKey;
+    bool mEncryptedOTAEnabled                 = false;
+    esp_decrypt_handle_t mOTADecryptionHandle = nullptr;
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
 };
 
 } // namespace chip