Protect credentials in secrets from inadvertent commit

[timroster]

When a user needs to place service credentials (e.g. COS) into a secret like operator-database-backup/kubernetes/secret.yaml a good pattern is to use a template file, like cos-secret.template.yaml and then have the user rename to cos-secret.yaml after adding credentials. By adding cos-secret.yaml to .gitignore, there's less risk of having a commit/push expose the credential.