Add tooling around secrets-management in openshift.

[shivprakashmuley]

This PR introduces a toolset designed to simplify and automate the entire lifecycle of managing external secrets in OpenShift. It provides a guided workflow that addresses the most common challenges developers face when integrating with providers like AWS, GCP, and Vault.

In summary, the PR provides the following key capabilities:
Recommendation (recommend_secrets_management): Helps users choose the right tool for their needs, differentiating between native Kubernetes Secrets for internal use and recommending either the External Secrets Operator (ESO) or the Secrets Store CSI Driver (SSCSI) for external secrets based on the desired integration pattern (syncing vs. mounting).
Guided Setup (generate_prerequisites_plan, secrets_management_configure):
Generates clear, provider-specific instructions for configuring the necessary cloud-side prerequisites (like IAM roles for Workload Identity).
Provides the correct manifests (SecretStore, SecretProviderClass) and instructions for installing the necessary operators from the OpenShift Software Catalog.
Usage Examples (generate_example_*):
Offers ready-to-use YAML examples for an ExternalSecret and an application Pod with a CSI volume, demonstrating how to consume secrets with either ESO or SSCSI.
Automated Auditing & Debugging (secrets_management_debug):
This is the core feature, acting as a "Secret Management Auditor." It performs a comprehensive, automated health check of a user's entire secrets configuration.
It systematically inspects everything from the application pod, ServiceAccount annotations, custom resources (ExternalSecret, SecretProviderClass), operator health, and RBAC permissions.
It generates a structured report with clear PASS/FAIL statuses and provides actionable, precise instructions to fix any identified misconfigurations, transforming a complex debugging process into a simple, deterministic audit.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: shivprakashmuley
Once this PR has been reviewed and has the lgtm label, please assign matzew for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@shivprakashmuley: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/test	97733cf	link	true	/test test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[Cali0707]

/cc @matzew