check for newline in referenced secrets values

[wasaga]

it is customary to generate kubernetes secrets based on the contents of the files. However if you occasionally do a newline there, the newline would get persisted inside a parameter (that's also b64 encrypted), and it's very hard to spot.

I've seen it happening multiple times during support calls; i.e. the error from IdP (referenced in https://github.com/pomerium/internal/issues/1676) is rather cryptic as you seem to do everything right.

We probably should check for a newline everywhere we pull from secrets, and at least put an explicit warning to log files and /status of the CRD/Ingress.

Kubernetes secret generator footgun

Originally posted by @wasaga in https://github.com/pomerium/internal/issues/1676#issuecomment-1889496740