Enforce secret sizes

Update LoadBase64Secret() to return an error on invalid secret size. This is 99% not a breaking change since both the chart and Omnibus generate secrets of the correct length (32 bytes), but theoretically there may be installations where secrets were provided manually and are of invalid size.

We already enforce correct size for some secrets:

• EdDSA public key for receptive agents traffic authn in agentk must be 32 bytes and code will error out if that is not the case.
• kas->GitLab API authn secret must be 32 bytes, we enforce that as of this writing. It should be relaxed to [32, 64].