secrets extension not supported in EnvVarRequirement

[fabricebrito]

Calrissian version

0.12.0

Current behaviour: Parameter pw is a secret. using it in an EnvVarRequirement with e.g.:

EnvVarRequirement:
        envDef:
          AWS_ACCESS_KEY_ID: $(inputs.pw)

will not take the parameter value.

Expected behaviour

Secret parameter values used for setting environment variables must have the correct value.

To reproduce

$namespaces:
  cwltool: http://commonwl.org/cwltool#

$graph:

- class: Workflow
  id: main
  hints:
    "cwltool:Secrets":
      secrets: [pw]
    DockerRequirement:
      dockerPull: docker.io/debian:stable-slim
  inputs:
    pw: string
  outputs:
    out:
      type: File
      outputSource: step1/out
  steps:
    step1:
      in:
        pw: pw
      out: [out]
      run: 
        "#secret_job"


- class: CommandLineTool
  id: secret_job
  hints:
    "cwltool:Secrets":
      secrets: [pw]
  requirements:
    InitialWorkDirRequirement:
      listing:
      - entryname: stagein.sh
        entry: |-
          #!/bin/bash
          env
    EnvVarRequirement:
        envDef:
          AWS_ACCESS_KEY_ID: $(inputs.pw)
  inputs:
    pw: string
  outputs:
    out: stdout
  baseCommand: ['/bin/bash', 'stagein.sh']

Run with:

calrissian --tmp-outdir-prefix /calrissian-tmp/bbtest/ --outdir /calrissian-output --stdout /calrissian-output/out.json --max-ram 8Gi --max-cores 4 --debug --enable-ext /calrissian-input/secrets.cwl#main --pw aaa