Support passing provider custom secrets to TACOs

[fpacifici]

Soem Terraform provider need secrets for authentication. For example the datadog one
and the pagerduty one.

TACOs does not provide, as of today, a way to provide those secrets as they are specific
to the slices and providers the client is using.

This PR adds a new secret to all the acitons where the secret is needed: plan, apply,
drift detection. This secret is provided as a json object where each key represents a
secret.

The setup action unpacks it and sets an environment variable for terraform per secret.
It also ensures all the secret values are masked.

Secrets are going to be provided to terraform as variable by setting TF_VAR_ environment
variables. This happens once per secret.

See it working on this PR https://github.com/getsentry/ops/actions/runs/9521154268.
I checked that the secret is never in visible in the log.

[mwarkentin]

These secrets are global (across all slices)? Trying to think if there are cases where we might need to have different secrets depending on what you're applying.

GCP is the main one that sticks out but that is already handled by using OIDC authentication.