[Meta] Separation between regular configuration and passwords

As we start being used more in Enterprise environments we'll get more requests to separate passwords from regular configuration.

Current status:

1. Implement encrypted Rails secrets, once Rails 5.2 is merged. #3855 (closed)
2. Other external components do not have a way of consuming encrypted secrets, and expect configuration in a local file.

/cc @gitlab-build-team @stanhu @rymai

UPDATE: See &2548 for the issues to address this