feat(sso): using secret references in dex to not put secrets in git

otc/observability.t09.de/stacks/core/dex/values.yaml

@@ -68,9 +68,9 @@ config:
       name: ArgoCD Client
       redirectURIs:
         - "http://argocd.observability.t09.de/auth/callback"
-      secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
+      secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET"
     - id: grafana
       redirectURIs:
         - "https://grafana.observability.t09.de/login/generic_oauth"
       name: "Grafana"
-      secret: "thisisasecret"
+      secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET"

otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml

@@ -53,7 +53,7 @@ spec:
       allow_sign_up: "true"
       use_refresh_token: "true"
       client_id: grafana
-      client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
+      client_secret: "grafana123" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
       scopes: openid email profile offline_access groups
       auth_url: https://dex.observability.t09.de/auth
       token_url: https://dex.observability.t09.de/token