envbuilder support for build-time secrets is undocumented

[ns-mkusper]

There doesn't seem to be any way to pass build-time secrets when using envbuilder, leaving me with no straight-forward option to include any Dockerfile with commands similar to:

RUN --mount=type=secret,id=test-token poetry config http-basic.test-token-pypi gitlab-ci-token $(cat /run/secrets/test-token)

I'd be willing to drop a patch for this, but I'm curious to hear opinions on whether or not this is something envbuilder can support without violating its design principles.

[ns-mkusper]

Seems that the standard kaniko method of mounting secrets in /kaniko does work to resolve this issue. This works for me and I'm willing to use it permanently but seems like something of a workaround.