[FEAT] Option to skip masking secrets

Open rfinnie opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe.

A common use case is to store both an actual secret (e.g. a password) with an associated piece of information (e.g. a username). If the user does not consider the username to be sensitive, it would be nice to tell the action to not mark a key as masked.

To be clear, I think this should be explicitly opt-in, and keys should remain masked by default.

Describe the solution you'd like

Something like this could work:

jobs:
    build:
        steps:
            - name: Import Secrets
              uses: hashicorp/[email protected]
              with:
                url: https://vault.mycompany.com:8200
                token: ${{ secrets.VAULT_TOKEN }}
                caCertificate: ${{ secrets.VAULT_CA_CERT }}
                secrets: |
                    secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID nomask ;
                    secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY

This layout would not be compatible with the implicit normalized variable format, but I think requiring an explicit variable when using nomask is fine.

Describe alternatives you've considered

Hardcoding the non-secret part in the workflow... ?

rfinnie, May 12 '22 16:05
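A sketch of the semantics requested above, added here as an example; it is not part of the original issue and not vault-action's own parser. The `nomask` keyword is the issue's proposal, and `parseSecretsInput`, `maskCommands` and the sample values are hypothetical names and constructed data. Anything that is not an explicit, well-formed `nomask` stays masked or is rejected.

```javascript
// Constructed sample input, copied from the layout proposed in the issue.
const SAMPLE_INPUT = `
  secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID nomask ;
  secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY
`;
// Constructed values standing in for what Vault would return.
const SAMPLE_VALUES = {
  AWS_ACCESS_KEY_ID: 'constructed-access-key-id',
  AWS_SECRET_ACCESS_KEY: 'constructed-secret-value',
};

// Parse "<path> <key> | <NAME> [nomask]" entries separated by ';'.
function parseSecretsInput(input) {
  return input
    .split(';')
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0)
    .map((entry) => {
      const [selector, rename] = entry.split('|').map((part) => part.trim());
      const parts = selector.split(/\s+/);
      // Fail closed: a stray token (such as nomask before the '|') is an error.
      if (parts.length !== 2) {
        throw new Error(`expected "<path> <key>" in: ${entry}`);
      }
      const [path, key] = parts;
      const tokens = rename ? rename.split(/\s+/) : [];
      const mask = tokens[tokens.length - 1] !== 'nomask'; // masked by default
      if (!mask) tokens.pop();
      if (tokens.length > 1) {
        throw new Error(`unexpected tokens after output name in: ${entry}`);
      }
      // The issue proposes requiring an explicit variable name with nomask.
      if (!mask && tokens.length === 0) {
        throw new Error(`nomask requires an explicit output name: ${entry}`);
      }
      // Fallback name is a simplification, not vault-action's normalization.
      const name = tokens[0] || key.toUpperCase();
      return { path, key, name, mask };
    });
}

// Build the ::add-mask:: workflow commands for every value still masked.
// Assumes single-line values.
function maskCommands(specs, values) {
  return specs
    .filter((spec) => spec.mask)
    .map((spec) => `::add-mask::${values[spec.name]}`);
}

console.log(maskCommands(parseSecretsInput(SAMPLE_INPUT), SAMPLE_VALUES));
```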