
Add options to control secret generation and writing the gitlab-secrets.json file

Summary

We want to make some iterative improvements to omnibus secrets handling to let us start rolling out some new secrets management changes for specific HA roles. https://gitlab.com/gitlab-org/gitlab/-/issues/393092

For now we want to enable a configuration that does not write plaintext secrets on a Gitaly-only node, once https://gitlab.com/gitlab-org/gitaly/-/issues/4828 is completed.

Proposal

  • Add a gitlab.rb flag that only reads secrets but does not generate them.
    • skip calling parse_secrets from files/gitlab-cookbooks/package/libraries/settings_dsl.rb
    • Likely need to split the validation parts of the parse_secrets method into a new validate_secrets method that still gets called
  • Add a gitlab.rb flag that skips writing the gitlab-secrets.json file.
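The split proposed above (read, generate, validate and write as separate steps, with generation and writing each behind their own flag) can be sketched as a small Ruby module. This is an added illustration, not code from omnibus-gitlab or settings_dsl.rb; the module name, the two keyword flags, the required-secret names and the flat JSON layout are all assumptions chosen for the example and do not match the real gitlab-secrets.json structure. The point it shows is that validation still runs on a read-only node, so a Gitaly-only node with generation disabled fails fast when a required secret was never provisioned rather than silently minting a new one.

```ruby
require 'json'
require 'securerandom'

# Hypothetical illustration of the proposed secrets pipeline.
# Names of secrets, flags and the module are assumptions for this example.
module SecretsHandling
  # Constructed, illustrative secret names (not the real gitlab-secrets.json keys).
  REQUIRED_SECRETS = %w[gitlab_shell_secret_token gitaly_auth_token].freeze

  class MissingSecretError < StandardError; end

  # Step 1: read whatever secrets already exist on disk (JSON text, may be absent).
  def self.read_secrets(json_text)
    return {} if json_text.nil? || json_text.strip.empty?

    JSON.parse(json_text)
  end

  # Step 2: only when generation is enabled, fill in secrets that are
  # missing or empty. A read-only node never reaches the SecureRandom call.
  def self.generate_missing(secrets, generate:)
    return secrets unless generate

    REQUIRED_SECRETS.each_with_object(secrets.dup) do |name, acc|
      acc[name] = SecureRandom.hex(32) unless present?(acc[name])
    end
  end

  # Step 3: validation is unconditional. This is the part of parse_secrets
  # that the proposal keeps calling even when generation is switched off.
  def self.validate_secrets(secrets)
    missing = REQUIRED_SECRETS.reject { |name| present?(secrets[name]) }
    raise MissingSecretError, "missing secrets: #{missing.join(', ')}" unless missing.empty?

    secrets
  end

  # Step 4: render the file contents only when writing is enabled.
  # Returns [secrets_hash, json_to_write_or_nil]; the caller decides where it goes.
  def self.process(existing_json, generate_secrets:, write_secrets:)
    secrets = read_secrets(existing_json)
    secrets = generate_missing(secrets, generate: generate_secrets)
    validate_secrets(secrets)
    output = write_secrets ? JSON.pretty_generate(secrets) : nil
    [secrets, output]
  end

  def self.present?(value)
    value.is_a?(String) && !value.empty?
  end
  private_class_method :present?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a node that already has its secrets provisioned.
  provisioned = '{"gitlab_shell_secret_token":"tok-a","gitaly_auth_token":"tok-b"}'
  secrets, output = SecretsHandling.process(provisioned, generate_secrets: false, write_secrets: false)
  puts "read-only node loaded #{secrets.keys.size} secrets, wrote file: #{!output.nil?}"

  # Constructed sample: a read-only node with nothing provisioned fails validation.
  begin
    SecretsHandling.process('{}', generate_secrets: false, write_secrets: false)
  rescue SecretsHandling::MissingSecretError => e
    puts "read-only node refused to start: #{e.message}"
  end
end
```

On a node with both flags off the module never calls SecureRandom and never produces file contents, which is the configuration the Gitaly-only case asks for; flipping `generate_secrets: true` on a primary node restores today's behaviour of minting whatever is missing.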

Followup issue

References

Acceptance criteria

With the gitaly items (https://gitlab.com/gitlab-org/gitaly/-/issues/4828, gitaly#4973 (closed), gitaly#4972 (closed)) complete, we need to be able to demonstrate that we can set up a gitaly node in a reference architecture setup, with the omnibus secrets writing disabled, and with no passwords/tokens in the gitaly node's gitlab.rb.

Edited by DJ Mountney