Fix docs/impl inconsistency in Secret ownership in ops[testing]

[dimaqq]

Code:

      def _check_can_manage_secret(
          self,
          secret: Secret,
      ):
          if secret.owner is None:
              raise SecretNotFoundError(
                  'this secret is not owned by this unit/app or granted to it. '
                  'Did you forget passing it to State.secrets?',
              )
          ...

Docs:

owner: Literal['unit', 'app', None] = None
Indicates if the secret is owned by this unit, this application, or another application/unit.

If None, the implication is that read access to the secret has been granted to this unit.

[dimaqq]

cc @tonyandrewmeyer

[dimaqq]

In term of logic the above is actually correct (this unit can't manage granted secrets).

In term of the error message though, this is confusing, if None really means granted.

[dimaqq]

quick fix: dimaqq#72

I want to think a bit more about a more comprehensive fix... maybe.

[tonyandrewmeyer]

I don't think the code or doc is wrong. None means that it's a secret that the unit only has view access to, so the unit can't do management of the secret, but can view it.

I suspect maybe that error text was wrongly copied from somewhere else. It should instead say that the secret is not owned by the unit/app, did you forget to set the owner.