Capture redis slowlogs from Redis Cluster nodes

The gitlab_fluentd cookbook already supports using the redis_slowlog plugin to query Redis and capture slowlog events:

<source>
  @type redis_slowlog
  tag redis.slowlog
  password "#{ENV['FLUENTD_REDIS_PASSWORD']}"
</source>

However, our recipe currently provides that plugin with a password extracted from omnibus secrets. We will instead need to specify both a redis user and password. We may also want to make a new separate redis user for this purpose (with limited permissions), which will not be configured via omnibus secrets.

This means we probably need to:

• Add a new redis user via GKMS.
• Update the gitlab_fluentd cookbook:
  • Redis template needs to specify both a username and password.
  • Injecting secrets into the redis template currently happens by calling the bind_secrets_helpers library function, which extracts only the generic redis password from the omnibus all-the-secrets vault. We need to preserve current default behavior for backward compatibility and add support for specifying both a username and password from an alternative secrets vault. We could do that in the recipe or the library module, whichever seems more maintainable.
  • Create the new redis user and add it to the secrets storage. Creating it involves serially updating and restarting the redis nodes.