[keyring] Verify that KMS keyring behaves correctly on encrypt

[mattsb42-aws]

Once awslabs/aws-encryption-sdk-specification#73 is resolved, we need to verify that the KMS keyring implementation is correct.

[mattsb42-aws]

Something I realized as I was working through this: the current behavior of adding EDKs as we get them violates the spec requirement that if any CMKs fail, the KMS keyring MUST NOT modify the encryption materials.

I think that the simplest way to do the right thing here will be to implement #214.

[mattsb42-aws]

With the changes implemented in #231 and and the spec changes made in awslabs/aws-encryption-sdk-specification#74, this implementation now matches the specification.