Rather than have sanctuary default to destroying all older versions of a
secret, make the default behaviour to *keep* old versions.

Instead, add a new command `sanctuary destroy-old-versions` which can be
used to destroy older versions of secrets once an application has been
fully updated.

The reasons for this are outlined in more detail in #31.

Closes #31

Add a `use_field_labels` option to `op-cli-item` to allow fields to be
specified by labels as opposed to field ids. For manually created
1password secrets, this is more convenient.

Add an example of `use_field_labels` to the sanctuary docs and update
tests to test retrieving values by label as well as id.

It was decided during sanctuary development to not "auto-create" secrets
since the creation of secrets, and associated IAM permissions, is better
done in tools like terraform. Sanctuary is intended to manage secret
*versions* but not the secrets themselves.

Update the docs to make this clear and add terraform examples for the
"intended approach".

Implement the sanctuary tool. The docs/sanctuary.md file lists the
functionality.