Allow creating secrets from auth_state

[yuvipanda]

Talking with @foxish, we want to do the following:

1. Authenticate with Google OAuth to JupyterHub, put the tokens into auth_state
2. Create a secret with the original token, and mount it in the pod on launch
3. Have a sidecar that calls out to the Google API and gets a refresh token every time it expires, and puts them in a volume that can be read

Only thing we need to add to kubespawner is ability to create and mount secrets.

This should allow users to thread secrets through for loading data from GCS or S3

[yuvipanda]

Currently you can do this by overriding the start method, creating the secret (if it doesn't exist) and then mounting it. We could use an ownerReference to have it be garbage collected when the pod goes away.

I think getting a demo up and running using this flow would let us explore how to properly upstream the 'create arbitrary objects alongside pod' generically

[consideRatio]

This seem like a quite advanced feature to add, I think I consider it out of scope @yuvipanda. What do you think at this point in time?