I think the only usable approach will be to decrypt messages as they arrive. Otherwise things like search etc. break.
To re-secure the indexes we *should* probably encrypt the indexes using AES or something else that is fast, but for an initial implementation I don't care too much.
Use full-disk encryption if necessary.
I think the whole memory-hole idea is generally a bad idea, but we're not in control and have to deal with this somehow.
Naturally it will mean that things like IMAP search will also not work, so IMAP will just be a dumb blob store from now on (see also https://fastmail.blog/2016/12/10/why-we-dont-offer-pgp/).