Secret hiding base CI resource

[JackThomson2]

Changes

Adding the base script to be used for building custom kernels with secret hiding patches applied for testing

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• I have read and understand CONTRIBUTING.md.
• I have run tools/devtool checkstyle to verify that the PR passes the
  automated style checks.
• I have described what is done in these changes, why they are needed, and
  how they are solving the problem in a clear and encompassing way.
• I have updated any relevant documentation (both in code and in the docs)
  in the PR.
• I have mentioned all user-facing changes in CHANGELOG.md.
• If a specific issue led to this PR, this PR closes the issue.
• When making API changes, I have followed the
  Runbook for Firecracker API changes.
• I have tested all new and changed functionalities in unit tests and/or
  integration tests.
• I have linked an issue to every new TODO.

---

• This functionality cannot be added in rust-vmm.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.14%. Comparing base (c9fa6fe) to head (9a7c7e9).

Additional details and impacted files

@@                  Coverage Diff                   @@
##           feature/secret-hiding    #5096   +/-   ##
======================================================
  Coverage                  83.14%   83.14%           
======================================================
  Files                        248      248           
  Lines                      26923    26923           
======================================================
  Hits                       22386    22386           
  Misses                      4537     4537           

Flag	Coverage Δ
5.10-c5n.metal	83.53% <ø> (ø)
5.10-m5n.metal	83.52% <ø> (ø)
5.10-m6a.metal	82.71% <ø> (-0.01%)	⬇️
5.10-m6g.metal	79.56% <ø> (ø)
5.10-m6i.metal	83.51% <ø> (-0.01%)	⬇️
5.10-m7a.metal-48xl	82.70% <ø> (ø)
5.10-m7g.metal	79.56% <ø> (ø)
6.1-c5n.metal	83.58% <ø> (ø)
6.1-m5n.metal	83.56% <ø> (-0.01%)	⬇️
6.1-m6a.metal	82.75% <ø> (ø)
6.1-m6g.metal	79.56% <ø> (ø)
6.1-m6i.metal	83.56% <ø> (+<0.01%)	⬆️
6.1-m7a.metal-48xl	82.75% <ø> (ø)
6.1-m7g.metal	79.56% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[roypat]

Should we also add the "kernel builds" integration test as part of this? Just so that the code is tested/used straight away

[roypat]

Should we add some sort of assertion here to verify that .config contains everything we specify in kernel_config_overwrites? Just as a sanity check, to avoid ever running into any hard/weird to debug issues

[roypat]

Very nice!!

[roypat]

mh, I guess as long as we don't setup an nightly pipelines, reusing nonci is fine, but if we ever have a nightly pipeline on this branch that also passes -m nonci, then it might pick up this test by accident, which we don't want probably. Thought on using a dedicated pytest mark for this test? :o

[JackThomson2]

Added a new secret_hiding mark for the test