Support Puma key_password_command for SSL key decryption

This is a follow-up to the Omnibus issue: gitlab-org/omnibus-gitlab#7799 (closed)

We upgraded to Puma and added support for encrypted SSL keys in Puma: https://docs.gitlab.com/ee/administration/operations/puma.html#using-an-encrypted-ssl-key

I've created Add Puma config support for SSL key decryption (gitlab-org/build/CNG!1417 - merged) to make it possible to set key_password_command via an environment variable, but we will need to add Helm Chart support.

I'm not sure if this feature is needed as much as the Omnibus version since Kubernetes stores the secrets, but keeping the SSL key encrypted on the disk still might be useful.

We probably will want to store the contents of key_password_command in a Kubernetes secret, just in case the script contains other tokens/passwords.