[water7] feat: Add sops + age secret handling, still wip

I'm kinda lost, but we'll get there lol soon forgejo secrets will be fixed!

Signed-off-by: SindreKjelsrud <sindre@kjelsrud.dev>

shared/secrets/secrets.yaml

@@ -0,0 +1,19 @@
+forgejo:
+    LFS_JWT_SECRET: ENC[AES256_GCM,data:qdYhKX+SRnpy5ur5XkBmQ9gN6dNCOw3q2dliUssWaNHP7RWATwsTcdsApQ==,iv:EazZrHXvDUM1z2UcqbH6tHmTs7+COv4CFNo04fDgAWw=,tag:ZJZn8d1yuHnB/1CHyuuTyg==,type:str]
+    INTERNAL_TOKEN: ENC[AES256_GCM,data:Wg+VeKKZK/EIjREIWQuWKCUB7CoL4SlPwBC3ldyul3EWu+YAzc6nouWqp1Q4eH9ib9nNztnOQ66cru8u513TMJfNA7F9BuCGf3b2MjIRwcf12aXJR7yHc15nPD0/LwJ6PXQQBAXZNnfh,iv:STOtNKSxF5LzexsYVvWUQDa/ZXkWV2CJRFD0nYr9U+g=,tag:yKfUIkKVZXWJ5zDOCseLNw==,type:str]
+    oauth2.JWT_SECRET: ENC[AES256_GCM,data:lypGzbbbXhXc75Gi1I6LVQIDAgsQseuvz60Um+YglkMkDMuMfpEAX1AkhQ==,iv:uMzIu0+O8f98074BP8V8tkNQKhCc+jAGPCf3ZSVuUS4=,tag:GFIIZYiKqgfZ/C+9iiVxvQ==,type:str]
+sops:
+    age:
+        - recipient: age1ft5dg4lna25ceg40mvvq5sa53zm7rhqdsnsxxe7qyaa34u2gsp8qkgere4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraGdMYXBEZGMvbGVqSkJE
+            aWJRRUtBN3Q1cVR3S0xHTU00akhOL0hhSlc0Clh5SVlycit2b3pPMVMzV3BPdTNM
+            S3lNRFVCZFZwaWwzc1QxdSthYTdsNlEKLS0tICtJem9UaXp4cFJWMWU2cmRXL2pV
+            Yk9ETmxVV3Ezb0ZUQXViNkNxaHk1bmcKwBkyJN6IFH59THyuhYydP7lqfki26rNX
+            Eb0/GmRLhx9P9EfA+eMwL5rox4nksoqktOxDB8MATASOAH3EM/+e5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-12T07:11:43Z"
+    mac: ENC[AES256_GCM,data:Ox0JQ/90f5uey1+CEXBexVkTDd0PsLDqRdKZNi3OHoUJG9B3Oty5NRqsOdowlGQdGJ7Hn0gxprwO4/QQ/SS45rZFX1bNWywSxTtNuKK9HeOG5DFFaLaJTGUa2UHxjb3Owu2ScHUUOzEWxZt2h1mBpnxEKvdxajq5X8ww+hgXd7s=,iv:SMY3PANRZq33KNn8JwnBdqRFMOWwfxTz7l7ZKA/suFg=,tag:JVGqCRkUw12k7wwqc1vI8g==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2