feat(encryption): Use EncryptedCharField in TempestCredentials

[vgrozdanic]

This is an SQL no-op, but the change IS NOT no-op - we will start writing entries in client_secret column in a new format (enc:plaintext:<base64_value>), but still without any problems read old plain text format!

The field and all of the operations on it has already been tested in a sandbox.

Instead of using the basic Django's CharField, we are now moving to EncryptedCharField (inherits CharField) which encrypts/decrypts the value on the fly. This changes nothing in how we use the value in the codebase, since in memory once the object is fetched, the value is decrypted, but while saving it to db, we will no longer save it in plain text.

This is the first of many models that will be migrated to a new encrypted field.

More info about the project can be found here.

The encryption method is controlled via database.encryption.method option, so for now we will still write everything in plain text, and slowly - region by region switch this to Fernet encryption.

EncryptedCharField is implemented here:

sentry/src/sentry/db/models/fields/encryption.py

Line 273 in 5a6903b

class EncryptedCharField(EncryptedField, CharField):

Closes TET-1459: Migrate TempestCredential model

[github-actions]

This PR has a migration; here is the generated SQL for src/sentry/tempest/migrations/0003_use_encrypted_char_field.py

for 0003_use_encrypted_char_field in tempest

--
-- Alter field client_secret on tempestcredentials
--
-- (no-op)

[linear]

TET-1459 Migrate TempestCredential model

[markstory]

Makes sense to me. The field will continue using plaintext (but with new marker prefixes) for now, and will switch to fernet encryption in the future.