Document secret code and data flow in runbooks

We need to update our documents with how secrets are managed for gitlab runner saas. And create playbooks for how to move secrets between Terraform and Chef environments. It's a little more complicated now that we have a separate environment (https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/tree/master/environments/r-saas-m-staging) connected to production. Some of the secrets from AWS need to go into Terraform (VPN preshared keys) and some into Chef roles (SSH access, autoscaling access, cache access).

Context: https://gitlab.slack.com/archives/C048DKF1PT4/p1678160508143589?thread_ts=1677780061.995379&cid=C048DKF1PT4 (too much to paste here)