Bad error in the case of encrypt to users who don't exist.

[coltfred]

There are other sets of steps which produce this same result, but this is the simplest IMO.

1. Initialize IronOxide.
2. Call document_encrypt with DocumentEncryptOpts which only has ExplicitGrants{grant_to_author:false, grants: [UserOrGroup::User("does_not_exist")}

Result: The function will error with grants' failed validation with the error 'Access must be granted to document DocumentId("XXXXXXXXXXXXXXXX") by explicit grant or via a policy'

Expected result: The function should error telling you which people it tried to share with and why that didn't work. It's right to error all the way out, but since I did send in a valid ExplicitGrant I shouldn't get this error. As the caller I'm confused because I did send an ExplicitGrant, it's just a grant that didn't result in valid users.

I think we should add an error that catches the case and tells them what users or groups we tried to share with and why it couldn't be successful.

[clintfred]

As of #27 the code to resolve public keys from grants/policies was consolidated in resolve_keys_for_grants. This would be a perfect place to use a non-empty list like vec1

resolve_keys_for_grants should with return a vec1 or error, preventing the confusing error situation described above.