Managing key encryption keys using a key wrapping tree
US-2019158281-A1 · May 23, 2019 · US
US11994950B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11994950-B2 |
| Application number | US-202117564078-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 28, 2021 |
| Priority date | Dec 28, 2021 |
| Publication date | May 28, 2024 |
| Grant date | May 28, 2024 |
Abstract
Failure-domain-specific cryptographic keys for use in control of access to data within failure domains of a storage drive. A unique failure domain-specific cryptographic key may be associated with each of a plurality of failure domains in a storage drive. The failure domains may correspond to any portion of the storage media of a drive that is susceptible to failure while leaving other portions of the storage drive functional. In turn, upon detection of a condition associated with a failure (e.g., an actual or predicted failure) of a failure domain, the associated failure domain-specific cryptographic key may be deleted to preclude further access to data in the failed failure domain. Deletion of the failure domain-specific cryptographic key may be before or after data in the failed failure domain is rebuilt in another portion of a storage drive that is functional.
Claims
What is claimed is:

1. A method for limiting access to data within a failure domain of a storage drive, the method comprising: associating a failure domain-specific cryptographic key with a failure domain of a storage drive, wherein the failure domain comprises a portion of, but not all, storage resources in the storage drive, and wherein the failure domain is one of a plurality of failure domains of the storage drive that each has a uniquely associated failure domain-specific cryptographic key; writing encrypted data to storage media comprising the failure domain using the failure domain-specific cryptographic key; detecting a condition related to a failure of the storage drive within the failure domain associated with the failure domain-specific cryptographic key; and deleting the failure domain-specific cryptographic key to limit access to the encrypted data written to the storage media in the failure domain using the failure domain-specific cryptographic key, wherein others of the plurality of failure domains are unaffected.

2. The method of claim 1, wherein the failure domain corresponds to a portion of the storage drive serviced by a physical component susceptible to failure.

3. The method of claim 2, wherein the physical component comprises at least one of a storage media surface, a head, a shingled magnetic recording zone, or an actuator.

4. The method of claim 1, further comprising: prior to deleting the failure domain-specific cryptographic key, maintaining the failure domain in a read-only state; rebuilding data from the failure domain into other storage media different than the storage media of the failure domain; and wherein the deleting the failure domain-specific cryptographic key occurs after the rebuilding is complete.

5. The method of claim 4, wherein the other storage media different than the storage media of the failure domain comprises at least one of another failure domain of the plurality of failure domains of the storage drive or at least one failure domain of another storage drive.

6. The method of claim 1, wherein the plurality of failure domains each comprise a unique subset of storage media for the storage drive.

7. The method of claim 1, wherein the condition related to a failure of the storage drive within the failure domain corresponds to a predicted failure of the failure domain.

8. The method of claim 1, wherein the condition related to a failure of the storage drive within the failure domain corresponds to an actual failure of the failure domain.

9. A storage drive with failure domain-specific cryptographic keying, comprising: a plurality of failure domains, each of the plurality of failure domains comprising storage media for persistent storage of data comprising a portion of, but not all, storage resources of the storage drive; a key store comprising a plurality of failure domain-specific cryptographic keys, each of the plurality of failure domain-specific cryptographic keys being uniquely associated with one of the plurality of failure domains; an encryption engine operative to access the key store to utilize a corresponding one of the plurality of failure domain-specific cryptographic keys to write encrypted data to the storage media of a failure domain; and wherein, upon detection of a condition related to a failure of the storage drive within a failed failure domain associated with a given failure domain-specific cryptographic key, the given failure domain-specific cryptographic key for the failed failure domain is deleted to limit access to the encrypted data written to the storage media in the failed failure domain using the given failure domain-specific cryptographic key, wherein others of the plurality of failure domains are unaffected.

10. The storage drive of claim 9, wherein each one of the plurality of failure domains corresponds to a portion of the storage drive serviced by a physical component susceptible to failure.

11. The storage drive of claim 10, wherein the physical component comprises at least one of a storage media surface, a head, a shingled magnetic recording zone, or an actuator.

12. The storage drive of claim 9, wherein prior to deleting the failure domain-specific cryptographic key, the failed failure domain is maintained in a read-only state and data is rebuilt from the failed failure domain into other storage media different than the storage media of the failure domain, wherein the deleting the failure domain-specific cryptographic key occurs after the data has been rebuilt.

13. The storage drive of claim 12, wherein the other storage media different than the storage media of the failure domain comprises at least one of another failure domain of the plurality of failure domains of the storage drive or at least one failure domain of another storage drive.

14. The storage drive of claim 9, wherein the plurality of failure domains each comprise a unique subset of storage media for the storage drive.

15. The storage drive of claim 9, wherein the condition related to a failure of the storage drive within the failure domain corresponds to a predicted failure of the failure domain.

16. The storage drive of claim 9, wherein the condition related to a failure of the storage drive within the failure domain corresponds to an actual failure of the failure domain.

17. One or more non-transitory processor-readable storage media embodied with instructions for executing on one or more processors and circuits of a device a process for limiting access to data within a failure domain of a storage drive, the process comprising: associating a failure domain-specific cryptographic key with a failure domain of a storage drive, wherein the failure domain comprises a portion of, but not all, storage resources in the storage drive, and wherein the failure domain is one of a plurality of failure domains of the storage drive that each has a uniquely associated failure domain-specific cryptographic key; writing encrypted data to storage media comprising the failure domain using the failure domain-specific cryptographic key; detecting a condition related to a failure of the storage drive within the failure domain associated with the failure domain-specific cryptographic key; and deleting the failure domain-specific cryptographic key to limit access to the encrypted data written to the storage media in the failure domain using the failure domain-specific cryptographic key, wherein others of the plurality of failure domains are unaffected.

18. The one or more non-transitory processor-readable storage media of claim 17, the process further comprising: prior to deleting the failure domain-specific cryptographic key, maintaining the failure domain in a read-only state; rebuilding data from the failure domain into other storage media different than the storage media of the failure domain; and wherein the deleting the failure domain-specific cryptographic key occurs after the rebuilding is complete.

19. The one or more non-transitory processor-readable storage media of claim 17, wherein the condition related to a failure of the storage drive within the failure domain corresponds to at least one of a predicted failure of the failure domain or an actual failure of the failure domain.

20. The one or more non-transitory processor-readable storage media of claim 17, wherein the plurality of failure domains each comprise a unique subset of storage media for the storage drive.
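The mechanism the abstract and claims 1, 4 and 8 describe (one key per failure domain, a read-only freeze and rebuild on a predicted failure, key deletion as the access-denial step, other domains untouched) is small enough to model end to end. The Go program below is an added illustration written for this page; it is not code from the patent or from any drive vendor. It assumes AES-256-GCM for the per-domain encryption engine, an in-memory key store, and a per-domain LBA space; the type and function names (`Drive`, `FailureDomain`, `HandlePredictedFailure`, `DeleteKey`) are hypothetical. The patent does not specify a cipher, a key-store layout or an address-remapping scheme, and the rebuilt block simply keeps its LBA inside the target domain here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type FailureDomain struct { // one portion of the media (surface, head, SMR zone) that can fail alone
	ReadOnly bool              // claim 4: frozen while its data is rebuilt elsewhere
	Blocks   map[uint64][]byte // per-domain LBA -> nonce||ciphertext||tag
}

type Drive struct {
	domains map[string]*FailureDomain
	keys    map[string][]byte // key store: one AES-256-GCM key per failure domain (assumed cipher)
}

// NewDrive generates a fresh random key for every named failure domain.
func NewDrive(ids ...string) (*Drive, error) {
	d := &Drive{domains: map[string]*FailureDomain{}, keys: map[string][]byte{}}
	for _, id := range ids {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		d.domains[id] = &FailureDomain{Blocks: map[uint64][]byte{}}
		d.keys[id] = key
	}
	return d, nil
}

func (d *Drive) aead(id string) (cipher.AEAD, error) {
	key, ok := d.keys[id]
	if !ok {
		return nil, fmt.Errorf("no key for domain %q (deleted or unknown)", id)
	}
	block, _ := aes.NewCipher(key) // 32-byte key: NewCipher cannot fail here
	return cipher.NewGCM(block)
}

// Write/Read encrypt and decrypt under the domain's own key; domain ID and LBA are
// bound as associated data so a ciphertext block cannot be replayed at another address.
func (d *Drive) Write(id string, lba uint64, plaintext []byte) error {
	g, err := d.aead(id) // unknown or erased domain => no key => error
	if err != nil {
		return err
	}
	fd := d.domains[id]
	if fd.ReadOnly {
		return fmt.Errorf("domain %q is read-only (failure predicted)", id)
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	fd.Blocks[lba] = g.Seal(nonce, nonce, plaintext, []byte(fmt.Sprintf("%s:%d", id, lba)))
	return nil
}

func (d *Drive) Read(id string, lba uint64) ([]byte, error) {
	g, err := d.aead(id)
	if err != nil {
		return nil, err
	}
	stored, ok := d.domains[id].Blocks[lba]
	if !ok {
		return nil, fmt.Errorf("no data at LBA %d", lba)
	}
	return g.Open(nil, stored[:g.NonceSize()], stored[g.NonceSize():], []byte(fmt.Sprintf("%s:%d", id, lba)))
}

// DeleteKey zeroes and drops a domain's key: the direct response to an actual failure (claim 8).
func (d *Drive) DeleteKey(id string) {
	for i := range d.keys[id] {
		d.keys[id][i] = 0
	}
	delete(d.keys, id)
}

// HandlePredictedFailure follows the claim-4 ordering: freeze the failing domain read-only,
// rebuild its blocks into a healthy domain under that domain's key, then delete the key.
func (d *Drive) HandlePredictedFailure(failing, target string) error {
	fd, ok := d.domains[failing]
	if !ok {
		return fmt.Errorf("unknown domain %q", failing)
	}
	fd.ReadOnly = true
	for lba := range fd.Blocks { // LBA kept inside the target; remapping is out of scope here
		pt, err := d.Read(failing, lba)
		if err != nil {
			return fmt.Errorf("rebuild of LBA %d failed: %w", lba, err)
		}
		if err := d.Write(target, lba, pt); err != nil {
			return err
		}
	}
	d.DeleteKey(failing)
	return nil
}
```

Two points worth checking against a real implementation: the key must be deleted only after the rebuild has been verified (here a failed `Read` during rebuild aborts before `DeleteKey` runs), and deletion must actually destroy the key material in the key store, not just an index entry, or the ciphertext in the failed domain remains recoverable.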
CPC classifications:
Rebuilding, e.g. when physically replacing a failing disk
Providing cryptographic facilities or services
Using a plurality of keys or algorithms
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Revocation or update of secret information, e.g. encryption key update or rekeying