I found that when acra-server validates searchable hash after decryption and it failed then it skips applying response_on_fail option and just returns as is. It's because our searchable encryptor decrypts data as first, marks the current context as successful decryption, and then validates hash which will fail. Due to the context was marked as successful, acra-server do nothing on encoding stage because it expects valid raw value instead of returning error or default value.
In this PR were added marking context as NotDecrypted in case of failed hash validation and tests for that.
Additionally found, that our encryptor_config validations denied searchable fields with type awareness (probably because searchable encryption was added after the first introduction of type awareness) and added missed masks.

Checklist

• [ +] Change is covered by automated tests
• [ +] The coding guidelines are followed
• [+] Public API has proper documentation in the Acra documentation site or has PR on documentation repository
  with new changes
• CHANGELOG.md is updated (in case of notable or breaking changes)
• CHANGELOG_DEV.md is updated
• Benchmark results are attached (if applicable)
• Example projects and code samples are up-to-date (in case of API changes)