feat: hide GCLOUD_DEPLOY_credentialsKey from config-secrets
deploy types can define additional secret env vars. Those can now define "hidden" secrets that won't appear when you invoke project-config-secrets
this mr sets it for GCLOUD_DEPLOY_credentialsKey, as this should not be manually adjusted and is just noise when invoking config-secrets
additionally, GCLOUD_RUN_CANONICAL_HOST_SUFFIX is now flagged as hidden
. It was previously not listed at all as secret.
The reason why to keep track of those in the first place is to be able to know which ci-variables are used at all. At the moment its hard to know what is actually used.
E.g. if you change deploy type from cloudrun to something else, GCLOUD_RUN_CANONICAL_HOST_SUFFIX and GCLOUD_DEPLOY_credentialsKey would still stick around.
the goal is to have a whitelist of all secrets, so that at some point we can prune unused ones