Proposal: create a secret content validation script
Summary
Within the CNG, we consume user-provided secrets, often ones that they need to build for themselves into YAML or JSON.
To improve the experience around formatting errors, we could implement a form of validation either in-container or pre-deployment which could verify the content matches the intended secret content types.
Steps to reproduce
Encode malformed JSON into an omniauth provider secret, or object storage connection settings.
Current behavior
bundler: failed to load command: puma (/srv/gitlab/vendor/bundle/ruby/2.7.0/bin/puma)
{"timestamp":"2022-04-01T10:01:42.964Z","pid":13,"message":"! Unable to load application: NoMethodError: undefined method `to_sym' for nil:NilClass"}
/srv/gitlab/lib/gitlab/omniauth_initializer.rb:13:in `block in execute': undefined method `to_sym' for nil:NilClass (NoMethodError)
from /srv/gitlab/lib/gitlab/omniauth_initializer.rb:12:in `each'
from /srv/gitlab/lib/gitlab/omniauth_initializer.rb:12:in `execute'
/usr/lib/ruby/2.7.0/psych.rb:456:in `parse': (/etc/gitlab/objectstorage/artifacts): did not find expected ',' or '}' while parsing a flow mapping at line 1 column 1 (Psych::SyntaxError)
from /usr/lib/ruby/2.7.0/psych.rb:456:in `parse_stream'
from /usr/lib/ruby/2.7.0/psych.rb:390:in `parse'
from /usr/lib/ruby/2.7.0/psych.rb:277:in `load'
from /usr/lib/ruby/2.7.0/psych.rb:578:in `block in load_file'
from /usr/lib/ruby/2.7.0/psych.rb:577:in `open'
from /usr/lib/ruby/2.7.0/psych.rb:577:in `load_file'
from (erb):44:in `<main>'
from /usr/lib/ruby/2.7.0/erb.rb:905:in `eval'
from /usr/lib/ruby/2.7.0/erb.rb:905:in `result'
from /scripts/set-config:22:in `block in <main>'
from /scripts/set-config:18:in `each'
from /scripts/set-config:18:in `<main>'
Expected behavior
Pre-emptively detect and fail with an actionable error message.
cc @a.conrad
Edited by Jason Plum
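One way the proposed check could look, as an added sketch that is not part of the original issue or of the CNG code base: it parses the secret content, confirms it is a mapping with the keys its type needs, and reports the file and position without echoing any secret value. The secret type names, the `REQUIRED_KEYS` table and the `validate_secret` helper are assumptions made for illustration.

```ruby
require 'yaml'

# Hypothetical schema: secret type => keys that must be present and non-empty.
# These type and key names are assumptions, not taken from the CNG scripts.
REQUIRED_KEYS = {
  'omniauth_provider' => %w[name],
  'object_storage_connection' => %w[provider]
}.freeze

# Returns a list of actionable error strings; an empty list means usable.
# Messages name the file, position and missing keys, never the secret values.
def validate_secret(type, content, label)
  required = REQUIRED_KEYS[type]
  return ["#{label}: unknown secret type '#{type}'"] unless required

  begin
    # safe_load accepts JSON-style flow mappings as well as block YAML and
    # refuses to instantiate arbitrary Ruby objects from the document.
    data = YAML.safe_load(content, filename: label)
  rescue Psych::SyntaxError => e
    return ["#{label}: invalid YAML/JSON at line #{e.line} column #{e.column}: #{e.problem}"]
  rescue Psych::Exception => e
    return ["#{label}: unsupported YAML construct (#{e.class})"]
  end
  return ["#{label}: expected a mapping, got #{data.class}"] unless data.is_a?(Hash)

  missing = required.reject { |k| data.key?(k) && !data[k].to_s.strip.empty? }
  missing.empty? ? [] : ["#{label}: missing required key(s): #{missing.join(', ')}"]
end

# Command-line use: validate.rb TYPE=PATH [TYPE=PATH ...]
if __FILE__ == $PROGRAM_NAME
  errors = ARGV.flat_map do |arg|
    type, path = arg.split('=', 2)
    validate_secret(type, File.read(path), path)
  end
  abort(errors.join("\n")) unless errors.empty?
end
```

Run before the application starts, a non-zero exit with these messages replaces the stack traces shown under "Current behavior".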