Move our secrets from chef-vault to an agnostic provider solution

We need to evaluate Vault to store all our secrets and, if it ticks the checkbox, decommission encrypted data bags and open source chef-repo.

We need at least one standby instance and an offline copy for disaster recovery.

Terraform should manage the instance.