
New design needed for storing API keys in this repo

Open gcampax opened this issue 4 years ago • 0 comments

I've now seen it three times: every new device needs API keys. Contributors end up putting the API key in plain text somewhere in the code, or sometimes the manifest. The correct option, which is secrets.json, is not available because they don't have git-crypt access. git-crypt is also problematic because it's not revocable, since it's tied to git.

I'm not sure what the correct design here is. I'm opening this issue so I don't forget. Maybe we should document that "secrets.json" should not be uploaded to git (add it to gitignore), and new contributors can send API keys privately over secure email or another secure channel. The existing secrets.json would stay added by me and encrypted by me.

(Note: this is not a security issue at the moment, because keys are encrypted. It's a friction issue with contributors.)

gcampax, Jan 14 '21 07:01
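The issue describes two controls: keep secrets.json out of git via .gitignore, and stop contributors from pasting plaintext API keys into device code or manifests. The script below is an added example (not code from the issue author or from the thingpedia-common-devices project) of a check a maintainer could wire into a pre-commit hook or CI job: it verifies that a .gitignore covers secrets.json, and it scans the working tree for key-like assignments whose value looks like a real credential rather than a placeholder, skipping secrets.json itself. The file paths, file contents, manifest syntax and the key-name regex are all constructed for the example; a real hook would read the checked-out tree instead of an in-memory dict.

```python
import math
import os
import re
from collections import Counter

# Assignment of a credential-like name to a long quoted literal, e.g.
#   const API_KEY = "..."   or   "client_secret": "..."   or   #[api_key="..."]
# The key names are a constructed list; extend it for whatever a project uses.
KEY_ASSIGNMENT = re.compile(
    r"""(?i)\b(api[_-]?key|client[_-]?secret|access[_-]?token|secret)\b"""
    r"""['"]?\s*[:=]\s*['"]([A-Za-z0-9_\-]{16,})['"]"""
)

# The one place the repository is allowed to hold real credentials
# (encrypted with git-crypt in the issue's setup, or simply untracked).
ALLOWED_SECRET_FILES = {"secrets.json"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like 'xxxxxxxx' score ~0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_plaintext_keys(path: str, text: str, min_entropy: float = 3.0):
    """Return (line_no, key_name, token) for credential-looking literals in one file.

    Files named in ALLOWED_SECRET_FILES are skipped; low-entropy tokens are
    treated as placeholders and not reported.
    """
    if os.path.basename(path) in ALLOWED_SECRET_FILES:
        return []
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in KEY_ASSIGNMENT.finditer(line):
            token = m.group(2)
            if shannon_entropy(token) >= min_entropy:
                findings.append((line_no, m.group(1), token))
    return findings


def scan_repo(files: dict) -> dict:
    """files maps path -> contents (constructed here). Returns {path: findings} for offenders only."""
    report = {}
    for path, text in files.items():
        hits = find_plaintext_keys(path, text)
        if hits:
            report[path] = hits
    return report


def is_secrets_ignored(gitignore_text: str) -> bool:
    """True if a .gitignore (contents given as text) has an entry that covers secrets.json."""
    patterns = [ln.strip() for ln in gitignore_text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")]
    return any(p in ("secrets.json", "/secrets.json", "**/secrets.json") for p in patterns)


# Constructed sample working tree: one device module with a real-looking key
# (should be flagged), one manifest with a placeholder (should not), and the
# secrets.json that is allowed to hold credentials (skipped).
SAMPLE_FILES = {
    "devices/com.example.weather/index.js": (
        "// constructed sample device module\n"
        "const Tp = require('thingpedia');\n"
        "const API_KEY = \"AbCd1234EfGh5678IjKl9012\";\n"
        "module.exports = class WeatherDevice extends Tp.BaseDevice {};\n"
    ),
    "devices/com.example.weather/manifest.tt": (
        "// placeholder left for the maintainer to fill in from secrets.json\n"
        "#[api_key=\"xxxxxxxxxxxxxxxxxxxx\"]\n"
    ),
    "secrets.json": "{\"com.example.weather\": {\"api_key\": \"ZyXw9876VuTs5432RqPo1098\"}}\n",
}

SAMPLE_GITIGNORE = "node_modules/\n# keep real credentials out of git\nsecrets.json\n"


if __name__ == "__main__":
    print("secrets.json ignored:", is_secrets_ignored(SAMPLE_GITIGNORE))
    for path, hits in scan_repo(SAMPLE_FILES).items():
        for line_no, name, token in hits:
            print(f"{path}:{line_no}: plaintext {name} ({token[:4]}...) - move it to secrets.json")
```

The entropy threshold is what keeps the check usable: contributors routinely leave `xxxx`-style placeholders in manifests, and those should pass, while a real key pasted into `index.js` fails the hook with a pointer to secrets.json.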