Feat: kusion engine integrate secret provider to enhance secret management

[adohe]

What would you like to be added?

Instead of retrieve sensitive information in the build phase, it's better to do this in the apply stage, which provides smaller risk exposure.

Why is this needed?

For now, kusion calls built-in secret providers to retrieve various sensitive information during the build stage, which means we might cause data leak in intent. To protect sensitive information, we should shift right this behavior to apply and build necessary encrypt mechanism against state store.