Handle verbatim variables and secrets

Current situation

Currently, workflow-defined variables may contain substitutions such as variable expansions. There is a need for 'verbatim' variables (and secrets) that may contain special characters but should not be processed by the execution-environment shells.

Desired outcome

A way to define such variables (and secrets, which have many similarities with 'verbatim' variables.

A possible change would be to extend the current variable definition format:

variables:
  ENV_VARIABLE: env_value

So that it also allows for things like:

variables:
  ENV_VARIABLE: env_value
  VERBATIM_VAR:
    value: yada%FOOBAR%_$USER
    verbatim: true
  EXPANDED_VAR:
    value: yada_$USER
    verbatim: false