Add support for env var secret sources

[ashley-cui]

Run secrets can now be created from an environment variable. The
environment variable is read and is briefly stored as a file on /dev/shm
when it's being used, and the file is removed after the RUN command is
finished.

Fixes: #3524

Signed-off-by: Ashley Cui acui@redhat.com

What type of PR is this?

/kind api-change
/kind bug
/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake
/kind other

What this PR does / why we need it:

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

[rhatdan]

Could you save the err in a prevErr field and only return after you delete all TmpFiles.

var prevErr error
for _, path := range artifacts.TmpFiles {
	err := os.Remove(path)
	if !os.IsNotExist(err) {
                   if prevErr != nil {
                                logrus.Error(err)
                   }
                   prevErr = err
        }
}
return prevErr

[rhatdan]

Make sure the buildah-* files are not world readable.

[ashley-cui]

Would this just be a chmod or something else?

[nalind]

The TempFile() implementation specifies permissions of 0600 when creating the file, so that's fine.

[TomSweeneyRedHat]

Tests are very unhappy @ashley-cui

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashley-cui

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ashley-cui]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rhatdan]

This should be logrus.Error(prevErr)

[rhatdan]

/lgtm