Support CI/CD variables

The idea is that we have a special CI/CD protected variable called GITLAB_PRIVATE_KEY which is used to decrypt encrypted values inside .gitlab-conf.yml file. The variable should probably be a file variable, so that it gets mounted as a file. So CI can decrypt them and then set other variables inside CI. So access to variables in the repository is not possible without the key and they are then controlled by file in the repository. GITLAB_PRIVATE_KEY itself should be then ignored by this tool.

We could use SOPS to help here?