cloud-automation

PXD-2308 ⁃ secrets automation

Open philloooo opened this issue 6 years ago • 0 comments

  • audit changes to secrets - maybe local git on admin vm to start with
  • arrange secrets in hierarchy - secret name corresponds to hierarchy - mount secrets to container in same hierarchy: /mnt/gen3/secrets/fence/secret1.json ...

ex: /fence/secret1.json >> fence-secret1

  • mount secrets in sidecar to simplify service deployment yaml - maybe configuration too
    • a master secret specifies which pods/containers get which secrets/configs
    • a secrets sidecar (could combine with nginx sidecar) automates mounting which secrets and configs are needed by the current pod
  • helper scripts to automate updates to k8s resources for secret rotation and bootstrap

philloooo, Nov 08 '18 19:11
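The path-to-name mapping proposed in the issue (`/fence/secret1.json` to `fence-secret1`, mounted under `/mnt/gen3/secrets`), as an added example that is not part of the original issue or the project's code. The function names and sample paths are hypothetical. It assumes names must satisfy the Kubernetes DNS-subdomain rules, and it flags the case where flattening the hierarchy with `-` maps two different paths to the same secret name.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

MOUNT_ROOT = PurePosixPath("/mnt/gen3/secrets")  # mount root named in the issue
# Kubernetes object names: lowercase alphanumerics, '-' or '.', max 253 chars
DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")


def secret_name(rel_path: str) -> str:
    """Map '/fence/secret1.json' to 'fence-secret1' (hypothetical helper)."""
    p = PurePosixPath(rel_path.lstrip("/"))
    if not p.parts or ".." in p.parts:
        raise ValueError(f"unsafe or empty secret path: {rel_path!r}")
    # Drop the file extension, join the hierarchy levels with '-'
    name = "-".join(p.with_suffix("").parts).lower()
    if len(name) > 253 or not DNS1123.match(name):
        raise ValueError(f"{rel_path!r} -> {name!r} is not a valid k8s name")
    return name


def plan(rel_paths):
    """Return ({secret name: mount path}, {secret name: colliding paths})."""
    by_name = defaultdict(list)
    for rp in rel_paths:
        by_name[secret_name(rp)].append(rp)
    # Two distinct paths flattening to one name would silently share a secret
    collisions = {n: ps for n, ps in by_name.items() if len(ps) > 1}
    mounts = {n: str(MOUNT_ROOT / ps[0].lstrip("/"))
              for n, ps in by_name.items() if n not in collisions}
    return mounts, collisions


# Constructed sample hierarchy; the last two paths collide after flattening
SAMPLE = ["/fence/secret1.json",
          "/fence-admin/creds.json",
          "/fence/admin-creds.json"]

if __name__ == "__main__":
    mounts, collisions = plan(SAMPLE)
    for name, path in mounts.items():
        print(f"{name} -> {path}")
    for name, paths in collisions.items():
        print(f"COLLISION {name}: {paths}")
```
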