
db_encryption_key is not yaml escaped

Open sethboyles opened this issue 2 years ago • 0 comments

Issue

db_encryption_key is incorrectly parsed if it has a leading #. This is because hashes are interpreted as comments if not escaped/quoted.

We need to yaml_escape it (and potentially review other password/key fields) before rendering it to cloud_controller.yml.

Context

With the following password:

egrep db_encryption_key /var/vcap/jobs/cloud_controller_ng/config/cloud_controller_ng.yml
db_encryption_key: #mypassword

bosh deployment prestart fails on cloud_controller_ng job with prestart logs reporting the following:

Running migrations
[2022-01-06 14:29:08+0000] Running migration try number 1 of 3
[2022-01-06 14:31:43+0000] VCAP::CloudController::ValidateDatabaseKeys::DatabaseEncryptionKeyMissingError
[2022-01-06 14:31:43+0000] No database encryption keys are specified
[2022-01-06 15:16:55+0000] Waiting for bosh_dns

Steps to Reproduce

  1. Set cc.db_encryption_key to something like #mypassword in the bosh manifest
  2. Deploy

Expected result

The key is set correctly and the deploy succeeds

Current result

prestart fails with DatabaseEncryptionKeyMissingError

Possible Fix

Use https://github.com/cloudfoundry/capi-release/blob/e0582bc93edde2851764ce42e2dbebe18baa4218/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb#L11-L19

We should probably also do a review and see if there are other fields that should be escaped.

sethboyles, Jan 07 '22 18:01
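
The parsing failure reported in this issue, reproduced as an added example (not code from capi-release or from the issue author). It renders a key into a YAML line with and without quoting and shows which values the parser silently changes; the one-line templates, the sample keys other than `#mypassword`, and the `quote_for_yaml` helper are assumptions made for illustration, and the helper is a stand-in rather than the release's own `yaml_escape`.

```ruby
require 'erb'
require 'json'
require 'yaml'

# Constructed one-line templates; the real cloud_controller_ng.yml.erb is far larger.
RAW_TEMPLATE    = "db_encryption_key: <%= key %>\n"
QUOTED_TEMPLATE = "db_encryption_key: <%= quote_for_yaml(key) %>\n"

# Constructed sample keys; '#mypassword' is the value from the issue.
SAMPLE_KEYS = ['#mypassword', 'pass #1', '12345', 'abc#def', 'plainkey'].freeze

# Hypothetical helper, standing in for the release's yaml_escape: a JSON string
# literal is also a valid YAML double-quoted scalar, so the value stays a string.
def quote_for_yaml(value)
  value.to_s.to_json
end

# Render the template with the given key, then parse it the way a consumer of
# the config file would, returning what the consumer actually sees.
def render_and_load(template, key)
  rendered = ERB.new(template).result(binding)
  YAML.safe_load(rendered)['db_encryption_key']
rescue Psych::Exception
  :parse_error
end

# Keys whose parsed value differs from the value the operator configured.
def mangled_keys(template, keys)
  keys.reject { |key| render_and_load(template, key) == key }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_KEYS.each do |key|
    raw = render_and_load(RAW_TEMPLATE, key)
    quoted = render_and_load(QUOTED_TEMPLATE, key)
    puts format('%-14s raw=%-14s quoted=%s', key.inspect, raw.inspect, quoted.inspect)
  end
end
```

A leading `#` yields `nil`, a ` #` in the middle truncates the key, and an all-digit key becomes an Integer, so a check like `mangled_keys` is useful when reviewing other password and key fields in a template.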