[debian native package] Don't try to create backup files in config directory when updating secrets.yml

gitlab generally needs to be able to write to some some files and directories.

So far we managed to handle this via symblic links to /var/lib/gitlab, which gitlab user is allowed to write to if we know in advance which files or directories should be writable in advance.

But now it needs to create backup files which we cannot know in advance and provide access to write.

Creating a backup of secrets file: /usr/share/gitlab/config/sec
rets.yml: /usr/share/gitlab/config/secrets.yml.orig.1744015985
rake aborted!
Errno::EACCES: Permission denied @ rb_file_s_rename - (/usr/sha
re/gitlab/config/secrets.yml, /usr/share/gitlab/config/secrets.
yml.orig.1744015985) (Errno::EACCES)

secrets.yml itself is writable since it is a symblic link to /var/lib/gitlab.

Can the backups be saved in a temporary directory or a directory we know in advance, like config/backups ? Or can we have a stand alone way to generate this from another directory than rails app root ? Or can we skip the backup? We already handle the backups in debian using ucf.