Passing secrets as component inputs is unsafe

Problem

When passing input values via include:*:with keyword, the values are interpolated and then persisted in plaintext. This makes it unsafe to use secrets in with: due to their potential risk of being leaked.

Let's supposed we have a component that sends a slack notification:

spec:
  inputs:
    message:
    channel:
    token:
---
notify-slack:
  script: echo "$[[ inputs.message ]]" > slack-cli $[[ inputs.channel ]] -t "$[[ inputs.token ]]"

Then it's used as:

include:
  - component: gitlab.com/my-org/component@1.0
    with:
      token: $MY_SLACK_TOKEN
      channel: test-channel
      message: hello world

This would print the value of token in plaintext in the job log but also persist it in plaintext as well as serving the job steps to the Runner in plaintext.

Proposal

A quick fix would be to start with detecting if any masked variables are being used inside with: keyword and raise an error immediately.

This however represents a case where using env variables is better than using inputs. A better way would be for the component not to take token input but expect a variable $SLACK_TOKEN to be defined instead so no interpolation occurs.