Implement cat-like filtering behaviour for encrypt/decrypt

This allows the following invocations:

    # Interactive use, like gpg
    ansible-vault encrypt --output x

    # Non-interactive, for scripting
    echo plaintext|ansible-vault encrypt --output x

    # Separate input and output files
    ansible-vault encrypt input.yml --output output.yml

    # Existing usage (in-place encryption) unchanged
    ansible-vault encrypt inout.yml

…and the analogous cases for ansible-vault decrypt as well.

In all cases, the input and output files can be '-' to read from stdin
or write to stdout. This permits sensitive data to be encrypted and
decrypted without ever hitting disk.

lib/ansible/cli/__init__.py

@@ -262,6 +262,8 @@ class CLI(object):
             parser.add_option('--new-vault-password-file',
                 dest='new_vault_password_file', help="new vault password file for rekey", action="callback",
                 callback=CLI.expand_tilde, type=str)
+            parser.add_option('--output', default=None, dest='output_file',
+                help='output file name for encrypt or decrypt; use - for stdout')
 
 
         if subset_opts: