Native secrets

[vmelikyan]

• Add {{provider:path:key}} template syntax for referencing cloud secrets in lifecycle.yaml env blocks

• Support AWS {{aws:path:key}} and GCP {{gcp:path:key}} secret providers

• Generate ExternalSecret CRs per service/webhook with cloud secret references

• Modify pod specs to use secretKeyRef for secret-backed env vars

• Add secretProviders configuration to global_config for provider settings

• Support secrets in github, docker deployment types and webhooks

• Support nested JSON access with dot notation (e.g., {{aws:config:database.password}})

• Build-time secrets supported in native build with buildkit engine via envFrom mounting in build containers

• fixes envLens log streaming

Note: helm type service don't yet support this.