
Update how personal access token git credentials are mounted into workspaces #915

Closed
amisevsk opened this issue Sep 1, 2022 · 0 comments · Fixed by #916
amisevsk commented Sep 1, 2022

Description

The DevWorkspace Operator allows mounting a Personal Access Token to workspaces, enabling access to private repos in cases where SSH keys aren't convenient. This is currently done by

  1. Collecting all secrets labelled controller.devfile.io/git-credential in the current namespace
  2. Merging them into a secret called devworkspace-merged-git-credentials (in order to allow multiple credentials to be specified)
  3. Mounting this secret using a subpath volume mount to a mount path specified by the original secrets

The downside of this approach is that using a subpath volume mount prevents changes to the on-cluster secret from being propagated to the workspace, which can cause issues if PATs expire.

Instead, we should consider updating the DevWorkspace Operator to:

  1. Mount the merged git credentials secret as files (rather than subpaths) to allow changes to be propagated into the workspace.
  2. Ignore mount paths on git-credential secrets, and mount the credentials file to a fixed directory (this is required for the point above, as otherwise mounting to / will overwrite the entire filesystem).

Additional context

Originally brought up as an issue in eclipse-che/che#21291. Note that GitLab PATs expire after 2 hours, so even if they are refreshed as expected, the workspace would have to be restarted frequently.

Details on how controller.devfile.io/mount-path is currently used:

  1. If no secret specifies a mount path, the default / is used and the credentials file is mounted to /credentials
  2. If any secret specifies a mount path, that is used instead. Multiple secrets can specify the same mount path
  3. If two or more secrets specify conflicting mount paths, it is treated as an error
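The mount-path rules and the subPath-versus-directory mount contrast described above, as an added Go example that is not the DevWorkspace Operator's own code; the stand-in types, the `fixedDir` value and the sample secret names are assumptions:

```go
package main

import (
	"fmt"
	"path"
)

const credentialsFileName = "credentials"

// GitCredentialSecret stands in for a Secret labelled controller.devfile.io/git-credential
// (constructed type, not the operator's); MountPath holds its controller.devfile.io/mount-path.
type GitCredentialSecret struct{ Name, MountPath string }

// Mount is the volume mount added to the workspace container; a non-empty SubPath
// means a subPath mount, which the kubelet never refreshes after the pod starts.
type Mount struct{ MountPath, SubPath string }

// ResolveMountPath applies the issue's three rules: "/" when no secret sets a path,
// the shared path when all secrets that set one agree, and an error on conflict.
func ResolveMountPath(secrets []GitCredentialSecret) (string, error) {
	resolved := ""
	for _, s := range secrets {
		if s.MountPath == "" {
			continue
		}
		if resolved != "" && resolved != s.MountPath {
			return "", fmt.Errorf("secret %s wants %q but another secret wants %q", s.Name, s.MountPath, resolved)
		}
		resolved = s.MountPath
	}
	if resolved == "" {
		return "/", nil
	}
	return resolved, nil
}

// CurrentMount is today's behaviour: the merged secret's credentials key is projected to
// <mountPath>/credentials via subPath, so a rotated token never reaches the running pod.
func CurrentMount(mountPath string) Mount {
	return Mount{MountPath: path.Join(mountPath, credentialsFileName), SubPath: credentialsFileName}
}

// ProposedMount is the issue's proposal: mount the whole secret as a directory at one fixed
// location (fixedDir is an assumed value), ignoring per-secret paths, so updates propagate and nothing lands on "/".
func ProposedMount(fixedDir string) (Mount, error) {
	if path.Clean(fixedDir) == "/" {
		return Mount{}, fmt.Errorf("refusing to mount a secret directory over /")
	}
	return Mount{MountPath: path.Clean(fixedDir)}, nil
}
```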