roachprod: add install cmd for side-eye

[dt]

This also required a new optional extra map of local -- to the client running roachprod -- commands that can be run to replace arguments in the install cmd, so that we can get the key without checking it in.

Alternateively we could special-case the side-eye install in go code but this felt more generalized.

Release note: none.
Epic: none.

[cockroach-teamcity]

This change is 

[msbutler]

could you write a docstring here that lays out how to install side eye? this could also go in the commit message. i.e. i think it is something like, but it's not totally clear from the code:

roachprod install $CLUSTER side-eye --secret $API_KEY

[dt]

It is just roachprod install TARGET side-eye same as all the others, eg roachprod install TARGET haproxy. Given it is consistent with all the other install commands it seems weird to give it special documentation?

[msbutler]

Ah, so the user needs to set the SIDE_EYE_API_TOKEN env var. I think that's worth documenting.

[msbutler]

i'm just thinking through ways to ease the onboarding process for any CRL engineer.

[dt]

Ah, so the user needs to set the SIDE_EYE_API_TOKEN env var. I think that's worth documenting.

No, the key is fetched from gcloud (which you already need to have configured to use roachprod); the user with keys on keyboard never touches the key.

[dt]

i'm just thinking through ways to ease the onboarding process for any CRL engineer.

Again, it is identical to all the other install commands, which seems like it should be as easy as we can do

[msbutler]

I see, sorry, was not reading the code as closely as I could have.

[dt]

TFTR!

bors r+

[craig]

Build failed:

• linux_amd64_build

[dt]

brutal preemptions

bors r+

[craig]

Build succeeded:

• windows_build
• examples_orms
• macos_amd64_build
• acceptance
• linux_amd64_fips_build
• linux_arm64_build
• docker_image_amd64
• unit_tests
• lint
• local_roachtest
• linux_amd64_build
• macos_arm64_build
• check_generated_code
• local_roachtest_fips