feat: Implement bulk secret injection and manual overrides for enviro…

[Hordunlarmy]

This pull request introduces significant improvements to MetalDeploy's environment variable and secret management, focusing on secure, zero-config secret injection and a robust priority system for overrides. It also enhances artifact copying by resolving relative paths correctly. These changes improve both usability and security for deployments.

Environment & Secret Management Improvements:

• Bulk Secret Injection: Added support for passing all repository secrets at once using the env_blob input (e.g., env_blob: ${{ toJSON(secrets) }}), enabling zero-config secret management. Only secrets prefixed with ENV_ or named ENV are processed for security. [1] [2] [3] [4] [5]
• Manual Overrides: Workflow-level env: variables now override values from the bulk secret blob, allowing for granular control per deployment step. [1] [2] [3]
• Strict Filtering: The system strictly filters secrets, processing only those with the ENV_ prefix or the literal ENV, ignoring unrelated secrets for enhanced security. [1] [2] [3]

Priority System & Environment File Generation:

• Priority System Update: Improved logic ensures that secrets are merged with clear precedence: (1) bulk blob, (2) explicit workflow env:, (3) environment-specific overrides. [1] [2]
• Environment File Generation: Updated to support the new secret injection and override mechanisms, including secure handling and correct bucketing of variables. [1] [2] [3] [4] [5]

Artifact Handling:

• Relative Path Resolution: Artifact copying now resolves relative paths against the workspace, ensuring files are correctly located during deployment.

Documentation & Changelog:

• Docs & Examples: Updated documentation and usage examples to reflect new secret management features, strict filtering, and the improved priority system. [1] [2] [3]
• Changelog: Added a changelog entry summarizing all new features and changes.…nment variables