`ci-secret-generator`: Sync *all* secrets to GSM

[psalajova]

Extends ci-secret-generator to sync all generated secrets to GSM (previously only cluster-init secrets), and generates index secrets to track collection membership. Part of the Vault-to-GSM migration (see design doc).

What Changed

1. Removed pattern filter - All (~460) secrets generated by ci-secret-generator will now also sync to GSM as well as to Vault
2. Added index secret generation - Creates {collection}____index containing sorted list of secrets per collection

Why

• We need all secrets generated by ci-secret-generator to be available in GSM
• GSM doesn't support multi-key secrets like Vault - each key becomes a separate secret
  • Example: Vault's build_farm item (378 keys) → 378 GSM secrets + 1 index secret
• Keeps indexes up-to-date as config changes

Structure in GSM For each collection (e.g., build_farm):

build_farm__sa--dot--deck--dot--build01--dot--config
build_farm__sa--dot--sinker--dot--build02--dot--token--dot--txt
...
build_farm____index

Index content:

- sa--dot--deck--dot--build01--dot--config
- sa--dot--sinker--dot--build02--dot--token--dot--txt
- updater-service-account

Tests created with the help of cursor AI.