[CI] add az-sync github action to handle secrets

[sean-breen]

Proposed changes

Adds a new custom Action to sync secrets from the Azure Keyvault. The action uses a filter pattern to pull secrets, and multiple patterns can be used by passing a comma-separated list. We call this function wherever we require secrets values to be in place, such as before calling the Configure Go Proxy step in each job.

        - name: Get Secrets from Azure Key Vault
          uses: ./.github/actions/az-sync
          with:
            az_client_id: <client-id>
            az_tenant_id: <tenant-id>
            az_subscription_id: <sub-id>
            keyvault: <keyvault-name>
            secrets-filter: 'test,artifactory,other-secrets'

In the job log output, you should see which secrets have been successfully synced for a pattern. These will be available in the env for any subsequent steps in that job:

Processing pattern: artifactory
Sync secret: env.artifactory-token
Sync secret: env.artifactory-url-dev
Sync secret: env.artifactory-url-prod
Sync secret: env.artifactory-user

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING document
• I have run make install-tools and have attached any dependency changes to this pull request
• If applicable, I have added tests that prove my fix is effective or that my feature works
• If applicable, I have checked that any relevant tests pass after adding my changes
• If applicable, I have updated any relevant documentation (README.md)
• If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.15%. Comparing base (6cbcd8b) to head (7960c97).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1445   +/-   ##
=======================================
  Coverage   85.15%   85.15%           
=======================================
  Files         102      102           
  Lines       12984    12984           
=======================================
  Hits        11057    11057           
  Misses       1440     1440           
  Partials      487      487           

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6cbcd8b...7960c97. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[aphralG]

Just wondering why the changes to the vulncheck were needed ?

[sean-breen]

Not needed for the Azure migration specifically, I just wanted to make them required and didn't want to open another PR.