Vault secrets engine: Choose to abort config reloads if secrets cannot be resolved

[ninjaMog]

Your checklist for this issue

🚨 Please review the guidelines for contributing to this repository.

• Link to any upstream changes that might be required (for example Jenkins Core pull request)

Feature Request

When using the Vault secrets engine, if secret placeholders cannot be resolved (invalid secret / vault unavailable / access denied / other reasons) they are replaced with an empty string.

This can have catastrophic consequences, as a working Jenkins instance can suddenly have all it's credentials replaced with empty values if the vault server is not available (e.g. if there is a temporary connectivity issue)

This behaviour is stopping us adopting vault as our configuration as code secrets engine.

If we could enable a flag which aborted configuration reloads rather than continuing with the configuration update, this would resolve our problem.

Other suggestions most welcome!