Shippable storage device for executing applications and securely storing data

US10558586B1 · US · B1

Patent metadata

Publication number: US-10558586-B1
Application number: US-201615194074-A
Country: US
Kind code: B1 (granted patent with no earlier pre-grant publication)
Filing date: Jun 27, 2016
Priority date: Jun 27, 2016
Publication date: Feb 11, 2020
Grant date: Feb 11, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A shippable storage device may be used to execute one or more applications, such as an encryption application, and to securely store client data on a storage node of the shippable storage device. After connecting the shippable storage device to a client network, a stateless compute node of the shippable storage device downloads operating code. After validating the operating code, the stateless compute node executes the operating code. The operating code may include an application, such as an encryption application that receives, encrypts, and stores client data. The application does not access writeable persistent storage other than through an internal network interface to the storage node, according to a networking protocol. The volatile memory of the stateless compute node is cleared upon removal of power to the shippable storage device so that unencrypted data and one or more encryption keys are not persisted within the shippable storage device.

Claims

Claim text as shown on this page; the listing is cut off partway through claim 12.

What is claimed is:

1. A shippable storage device, comprising: a storage node comprising a persistent storage; an external network connector; and a stateless compute node comprising: one or more processors; a volatile memory; an internal network interface, wherein the stateless compute node does not include writeable persistent storage, and wherein the stateless compute node is coupled to the storage node via the internal network interface; and an external network interface configured to couple the stateless compute node to the external network connector; wherein the stateless compute node of the shippable storage device is configured to: receive operating code from an external network or a provider network via the external network connector of the shippable storage device; validate the operating code received by the shippable storage device from the external network or the provider network via the external network connector of the shippable storage device, wherein the operating code is prevented from executing if not validated; execute the validated operating code in the volatile memory, wherein the validated operating code includes or is configured to download from the external network or the provider network a data transfer tool and one or more encryption keys, wherein the data transfer tool is configured to: receive data from the external network via the external network connector; encrypt the received data using the one or more encryption keys in the volatile memory to generate encrypted data; and transfer the encrypted data to the persistent storage of the storage node via the internal network interface; wherein the operating code and the data transfer tool do not access writeable persistent storage other than through the internal network interface according to a networking protocol; and wherein the volatile memory is cleared upon removal of power to the shippable storage device so that the operating code, the received data not encrypted, and the one or more encryption keys are not persisted within the shippable storage device.

2. The shippable storage device as recited in claim 1, wherein the validated operating code is further configured to: download one or more applications in addition to the data transfer tool; and execute the one or more applications, wherein the one or more applications do not access writeable persistent storage other than through the internal network interface according to the networking protocol.

3. The shippable storage device as recited in claim 1, wherein to validate the operating code, the stateless compute node is further configured to: compute one or more values based at least on the received operating code or the data transfer tool; and determine that the one or more computed values match one or more corresponding values pre-provisioned within the stateless compute node.

4. The shippable storage device as recited in claim 3, wherein the stateless compute node is further configured to: receive, via the external network connector, a request to authenticate the shippable storage device; and provide, via the external network connector, authentication information based on security information pre-provisioned within the stateless compute node.

5. The shippable storage device as recited in claim 4, wherein the data transfer tool is further configured to: receive, from a remote storage service provider of the provider network, at least one additional encryption key; encrypt the one or more encryption keys using the at least one additional encryption key to generate an encrypted one or more encryption keys for sending to the remote storage service provider; and before the removal of power to the shippable storage device, transfer the encrypted one or more encryption keys to the persistent storage of the storage node or transmit the encrypted one or more encryption keys to the storage service provider via a communication network, separate from the shippable storage device.

6. A device, comprising: a storage node comprising a persistent storage; an external network connector; and a stateless compute node comprising: one or more processors; a volatile memory; an internal network interface, wherein the stateless compute node does not include writeable persistent storage, and wherein the stateless compute node is coupled to the storage node via the internal network interface; and an external network interface configured to couple the stateless compute node to the external network connector; wherein the stateless compute node of the device is configured to: receive operating code from an external network or a provider network via the external network connector of the device; validate the operating code received by the device from the external network or the provider network via the external network connector of the device, wherein the operating code is prevented from executing if not validated; execute the validated operating code in the volatile memory, wherein the validated operating code includes or is configured to download from the external network or the provider network one or more applications; validate the one or more applications, wherein the one or more applications are prevented from executing if not validated; execute the one or more applications; wherein the one or more applications do not access writeable persistent storage other than through the internal network interface according to a networking protocol; and wherein the volatile memory is cleared upon removal of power to the device so that the operating code and a state of the one or more applications is not persisted on the stateless compute node.

7. The device as recited in claim 6, wherein to validate the operating code, the stateless compute node is further configured to: compute one or more values based at least on the received operating code; and determine that the one or more computed values match one or more corresponding values pre-provisioned within the stateless compute node.

8. The device as recited in claim 6, wherein the operating code comprises a boot image, and wherein as part of execution of the validated operating code, the stateless compute node is configured to: boot the stateless compute node using the boot image.

9. The device as recited in claim 6, wherein the one or more applications includes a data transfer tool configured to: receive data via the external network connector; encrypt the received data using one or more encryption keys in the volatile memory to generate encrypted data; and transfer the encrypted data to the persistent storage of the storage node via the internal network interface.

10. The device as recited in claim 6, wherein the one or more applications includes a video transcoding tool configured to: transfer video data from the persistent storage to the volatile memory via the internal network interface; transcode the received video data to generate transcoded video data; and output the transcoded video data via the external network connector.

11. The device as recited in claim 6, wherein the one or more downloaded applications includes a video transfer tool configured to: receive video data via the external network connector; and transfer the video data to the persistent storage of the storage node via the internal network interface.

12. The device as recited in claim 6, further comprising an additional external network connector coupled to an additional external network interface of the stateless compute node, wherein the one or more applications include a network-based service configured to: execute as one of a plurality of instances of the netwo
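The boot-validation, encrypt-in-volatile-memory and key-escrow steps described in the abstract and in claims 1, 3 and 5, as an added example in Go. This is illustrative code written for this page, not Amazon's implementation or anything disclosed in the patent: it assumes SHA-256 for the pre-provisioned validation value of claim 3, AES-256-GCM for both data encryption and the claim 5 key wrapping (the claims only say "encrypt"), a Go map standing in for the storage node's disk behind the internal network interface, and the type and function names shown (Storage, ComputeNode, Boot, Ingest, EscrowKey, PowerOff, ProviderRecover), none of which come from the patent. The operating-code image, client record and provider key are constructed inputs.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

type Storage map[string][]byte // the storage node's disk, reached only over the internal interface

// ComputeNode: volatile state plus the pre-provisioned digest of claim 3 (the layout is assumed).
type ComputeNode struct {
	pinnedDigest  [32]byte // SHA-256 of the expected operating code
	disk          Storage
	code, dataKey []byte // validated code and AES-256 data key, RAM only
}

// Boot refuses code whose digest differs from the pinned value; otherwise it provisions a key in RAM.
func (c *ComputeNode) Boot(downloaded []byte) error {
	got := sha256.Sum256(downloaded)
	if subtle.ConstantTimeCompare(got[:], c.pinnedDigest[:]) != 1 {
		return errors.New("operating code failed validation; not executing")
	}
	c.code, c.dataKey = downloaded, make([]byte, 32)
	_, err := rand.Read(c.dataKey)
	return err
}

// AES-256-GCM with the nonce prefixed to the ciphertext. The cipher is an assumption; the claims only say "encrypt".
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-16-byte blocks, which AES never has
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func openGCM(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("missing or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Ingest is the data transfer tool of claim 1: encrypt in RAM, write only ciphertext to the disk.
func (c *ComputeNode) Ingest(name string, plaintext []byte) error {
	blob, err := sealGCM(c.dataKey, plaintext) // a nil key (not booted) is rejected by aes.NewCipher
	if err == nil {
		c.disk[name] = blob
	}
	return err
}

// EscrowKey follows claim 5: persist the data key only wrapped under a provider-supplied key.
func (c *ComputeNode) EscrowKey(providerKEK []byte) error {
	if c.dataKey == nil {
		return errors.New("not booted: nothing to escrow")
	}
	wrapped, err := sealGCM(providerKEK, c.dataKey)
	if err == nil {
		c.disk["wrapped-data-key"] = wrapped
	}
	return err
}

// PowerOff models loss of power: scrub the key, then drop all RAM state.
func (c *ComputeNode) PowerOff() {
	for i := range c.dataKey {
		c.dataKey[i] = 0
	}
	c.code, c.dataKey = nil, nil
}

// ProviderRecover is the provider side: unwrap the escrowed key with the KEK, then decrypt the record.
func ProviderRecover(disk Storage, providerKEK []byte, name string) ([]byte, error) {
	key, err := openGCM(providerKEK, disk["wrapped-data-key"])
	if err != nil {
		return nil, err
	}
	return openGCM(key, disk[name])
}

func main() { // stand-alone check on a constructed image: a modified copy must not boot
	image := []byte("constructed operating code image v1")
	node := &ComputeNode{pinnedDigest: sha256.Sum256(image), disk: Storage{}}
	fmt.Println("modified image rejected:", node.Boot([]byte("constructed image, modified")) != nil)
}
```

Boot compares the digest in constant time and refuses to run anything else, which is the "prevented from executing if not validated" condition; Ingest never hands plaintext to the disk; EscrowKey writes only the wrapped key, the claim 5 path that keeps the stored ciphertext recoverable by the provider after the volatile key is gone. The scrub in PowerOff is what software can do before power is actually cut; the claims rely on the physical property that RAM contents do not survive, and on a real node a practitioner would also keep the key out of swap and core dumps.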

Assignees

Amazon Tech Inc

Inventors

Not listed on this page.

Classifications

CPC classification titles as listed on this page (the primary code, G06Q10/0832, is given in the FAQ below):

  • Detecting or preventing theft or loss

  • To assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00)

  • Special goods or special handling procedures, e.g. handling of hazardous or fragile goods

  • Arrangements for using multiple switchable power supplies, e.g. battery and AC (G06F1/30 takes precedence)

  • Encrypted data

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10558586B1 cover?
A shippable storage device whose stateless compute node downloads operating code after the device is connected to the client's network, validates that code before executing it from volatile memory, and runs an application (for example an encryption application) that receives client data, encrypts it, and stores it only on the device's storage node over an internal network interface. Removing power clears the volatile memory, so neither unencrypted data nor encryption keys persist on the device. See the Abstract above for the official text.
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification G06Q10/0832. Mapped technology areas include Physics.
When was this patent published?
Publication date: Feb 11, 2020 (kind code B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).