Azure DevOps service connections renew secret process should be improved

Open AlitzelMendez opened this issue 1 year ago • 4 comments

After some trouble getting the status website back online, we realized that the value that needed to be updated was an Azure DevOps service connection. In this case it is hard to track the value because it is not that obvious which secret is failing, and the secret manager can't update this value.

We should consider other options to track this value and add additional documentation for this kind of secret.

AlitzelMendez avatar Mar 01 '23 23:03 AlitzelMendez

This is very similar to https://github.com/dotnet/dnceng/issues/1188. Service connections just break silently when the token that backs them expires.

riarenas avatar Mar 01 '23 23:03 riarenas

Add to Post reorg follow up epic.

missymessa avatar Mar 20 '23 16:03 missymessa

We should also have guidelines on what to put in service connection descriptions so that we can track what exact secret we already have that can back that connection. This would help servicing the existing connections.

premun avatar Jun 01 '23 11:06 premun

The Source-Build release pipeline would also benefit greatly from the addition of some better handling for service connections, as we are relying on them to publish shipping packages to a NuGet feed for our partners as part of the release process - https://github.com/dotnet/source-build/issues/3444.

Having the Secret Manager at least warn about a rotated secret being used in a service connection would increase the confidence we have in our release process. As such, we would appreciate it if the priority of this effort was bumped up. Thanks!

oleksandr-didyk avatar Nov 15 '23 10:11 oleksandr-didyk

Epic issue closed. Kicking this out to be retriaged.

missymessa avatar Apr 05 '24 16:04 missymessa

Dupe of an issue @garath is currently working on.

missymessa avatar May 16 '24 17:05 missymessa