There are a lot of points in the codebase that accept an optional encryption context and default to an empty object if so. We should only do that default value assignment once, at the top-level user interface. Everywhere else, we should require that it is actually provided.