Evaluate passing explicit secrets instead of secrets: inherit in Process-PSModule workflow #23

@MariusStorhaug

Description

Context

Identified during review of PR #18. The Process-PSModule.yml workflow uses secrets: inherit, which forwards all repository and organization secrets to the reusable PSModule/Process-PSModule workflow. A Copilot reviewer flagged this twice (comments r3215702505 and r3220268252) as a least-privilege concern: if the called workflow is ever compromised, every secret in the repository is exposed.

Technical Decisions

secrets: inherit is currently the standard pattern used by all PSModule module repositories when calling the shared Process-PSModule reusable workflow. The full set of secrets that Process-PSModule actually consumes (e.g., APIKEY for gallery publishing, any signing or deployment keys) is not documented at the call-site level. Switching to explicit secret mapping requires auditing PSModule/Process-PSModule to determine the minimum required secret set, then updating all module repositories that use the workflow.

Implementation Plan

  • Audit PSModule/Process-PSModule/.github/workflows/workflow.yml to enumerate every secret the reusable workflow declares and uses.
  • Determine whether a minimal explicit list (secrets: APIKEY: ${{ secrets.APIKEY }}, etc.) would cover all required operations without breaking builds or publish steps.
  • If feasible, replace secrets: inherit with the explicit mapping in this repository's Process-PSModule.yml and validate CI passes.
  • Consider propagating the same change to other PSModule module repositories if the approach is confirmed safe.
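As an added illustration (not code from the PSModule project), the callee-side declaration that the audit in the first step would look for, next to the current and proposed forms of the caller. The workflow ref, step name, script path and the callee's exact declaration are assumptions; only APIKEY and the file paths come from the issue text.

```yaml
# --- Callee: PSModule/Process-PSModule/.github/workflows/workflow.yml ---
# Declaration shape assumed for illustration; the real file must be audited.
# Only secrets declared under workflow_call (or every secret, when the caller
# uses `secrets: inherit`) exist in the callee's `secrets` context; a secret
# that is referenced but not passed evaluates to an empty string.
on:
  workflow_call:
    secrets:
      APIKEY:
        description: Key used by the gallery publishing step
        required: true            # workflow validation fails if the caller omits it

jobs:
  Publish:
    runs-on: ubuntu-latest
    steps:
      - name: Publish module        # step name assumed
        shell: pwsh
        env:
          APIKEY: ${{ secrets.APIKEY }}   # references like this are what the audit enumerates
        run: ./scripts/Publish.ps1      # script path assumed
---
# --- Caller, current state: .github/workflows/Process-PSModule.yml ---
# Every repository and organization secret is forwarded to the callee.
jobs:
  Process-PSModule:
    uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@main  # ref assumed
    secrets: inherit
---
# --- Caller, proposed state: .github/workflows/Process-PSModule.yml ---
# Only the audited minimum set crosses the trust boundary. A new required
# secret added to the callee later fails validation here instead of being
# silently satisfied by inherit.
jobs:
  Process-PSModule:
    uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@main  # ref assumed
    secrets:
      APIKEY: ${{ secrets.APIKEY }}
```

Secrets the callee declares as optional (no `required: true`) will not fail validation when omitted, so the audit needs to cover the callee's `${{ secrets.* }}` references as well as its workflow_call declarations.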
