
Add functionality to retrieve secrets from AWS SecretsManager

What does this MR do?

This MR enables the GitLab Runner to retrieve secrets from AWS SecretsManager. It is related to the changes in MR 191780 of the GitLab backend.

Why was this MR needed?

This MR is needed to process the secrets that should be retrieved from AWS SecretsManager, which users can define in their secrets section, once the mentioned GitLab backend MR is merged.

What's the best way to test this MR?

  1. Enable the feature flag ci_aws_secrets_manager.
  2. Configure your .gitlab-ci.yml file with the following example:

```yaml
# Simple configuration example
build-job:
  # Define ID token for OIDC authentication with AWS
  id_tokens:
    MY_TOKEN:
      aud: https://sts.amazonaws.com

  # Define AWS secrets to be retrieved
  secrets:
    DATABASE_PASSWORD:
      aws_secrets_manager: 'your-secret-id#field-name'
      token: $MY_TOKEN
      file: false  # Optional: set to false to store the value directly in the variable

  # Environment variables (can be set at project/group level)
  variables:
    AWS_REGION: eu-central-1 # required
    AWS_ROLE_ARN: 'arn:aws:iam::123456789123:role/your-role-name' # optional

  stage: build
  script:
    - echo "Accessing secret..."
    - echo "Secret retrieved successfully: $DATABASE_PASSWORD"
```

  3. Since this MR doesn't include the CI YAML schema updates, you'll need to manually apply the changes from MR #191905 to your local development environment.
  4. Ensure your AWS IAM role has appropriate permissions to access the secrets in AWS Secrets Manager.
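The following is an added example, not code from this MR or from the GitLab Runner, showing the resolution step that the `aws_secrets_manager: 'your-secret-id#field-name'` reference above implies: split the reference at `#`, fetch the secret string, and pick out the requested field. It assumes that the part after `#` names a key of a JSON-object secret and that a reference without `#` yields the whole secret string; both are assumptions, not something this MR states. The `fakeSecretsManager` stands in for the single AWS call involved (GetSecretValue, which is the permission the IAM role needs in practice) so the example runs offline; the secret values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// secretRef is the parsed form of an `aws_secrets_manager:` value such as
// "your-secret-id#field-name". The "#field" suffix is optional. Treating it
// as a JSON key inside the secret string is an assumption of this example.
type secretRef struct {
	SecretID string
	Field    string
}

// parseSecretRef splits "secret-id#field" into its parts and rejects an
// empty secret id, which would otherwise turn into a confusing AWS error.
func parseSecretRef(ref string) (secretRef, error) {
	id, field, _ := strings.Cut(ref, "#")
	if id == "" {
		return secretRef{}, fmt.Errorf("aws_secrets_manager: empty secret id in %q", ref)
	}
	return secretRef{SecretID: id, Field: field}, nil
}

// secretsClient abstracts the one Secrets Manager operation the job needs.
// In the real runner this would be backed by the AWS SDK, authenticated via
// the OIDC ID token exchanged at STS for the configured role.
type secretsClient interface {
	GetSecretValue(secretID string) (string, error)
}

// fakeSecretsManager is a constructed in-memory stand-in for AWS (assumption:
// not the runner's client), keyed by secret id.
type fakeSecretsManager map[string]string

func (f fakeSecretsManager) GetSecretValue(id string) (string, error) {
	v, ok := f[id]
	if !ok {
		return "", fmt.Errorf("ResourceNotFoundException: %s", id)
	}
	return v, nil
}

// extractField returns the whole secret string when no field was requested,
// otherwise the named key of a JSON-object secret. Non-string JSON values are
// returned as their JSON text so a numeric port still becomes a usable variable.
func extractField(secret, field string) (string, error) {
	if field == "" {
		return secret, nil
	}
	var obj map[string]json.RawMessage
	if err := json.Unmarshal([]byte(secret), &obj); err != nil {
		return "", fmt.Errorf("secret is not a JSON object but field %q was requested", field)
	}
	raw, ok := obj[field]
	if !ok {
		return "", fmt.Errorf("field %q not present in secret", field)
	}
	var s string
	if err := json.Unmarshal(raw, &s); err == nil {
		return s, nil
	}
	return string(raw), nil
}

// resolveSecret ties the steps together: parse the reference, fetch the
// secret, extract the field. Errors are returned rather than printed so the
// caller never logs a partially resolved secret value.
func resolveSecret(c secretsClient, ref string) (string, error) {
	r, err := parseSecretRef(ref)
	if err != nil {
		return "", err
	}
	raw, err := c.GetSecretValue(r.SecretID)
	if err != nil {
		return "", err
	}
	return extractField(raw, r.Field)
}

func main() {
	// Constructed sample secrets: one JSON object, one plain string.
	sm := fakeSecretsManager{
		"prod/db": `{"username":"app","password":"s3cr3t","port":5432}`,
		"api-key": "plain-text-value",
	}
	for _, ref := range []string{"prod/db#password", "prod/db#port", "api-key", "prod/db#missing", "#x"} {
		v, err := resolveSecret(sm, ref)
		fmt.Printf("%-18s -> %q err=%v\n", ref, v, err)
	}
}
```

With `file: false` as in the configuration above, the string returned by `resolveSecret` is what would land directly in `$DATABASE_PASSWORD`; the missing-field and empty-id cases fail the job with a clear message instead of exporting an empty variable.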

What are the relevant issue numbers?

gitlab#542347 (closed)

gitlab#542346 (closed)

gitlab#542365 (closed)

Edited by Markus Siebert
