[9.2] (backport #5997) Replace secrets in fleet section of policies #6492

Merged

michel-laterman merged 2 commits into 9.2 from mergify/bp/9.2/pr-5997 on Mar 5, 2026

Conversation

@mergify mergify bot (Contributor) commented Mar 4, 2026

What is the problem this PR solves?

The fleet section of a policy is now allowed to contain secrets. This PR ensures that Fleet Server correctly replaces such secrets with their values before the policy is sent to the Agent.

How does this PR solve the problem?

This PR builds upon the work done in #5852, evaluating the fleet section of the policy received from Elasticsearch and replacing any secrets within it.

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Related issues

Closes #4470


This is an automatic backport of pull request #5997 done by Mergify.

* Turn fleet property into map[string]interface{}

* Add smap.Get and smap.Set methods

* Use smap.Get and smap.Set methods in inline replacement

* Replace secrets in `fleet` section

* Update unit test

* Adding CHANGELOG fragment

* Update integration test

* Error handling

* Run mage check:headers

* Fix potential integer overflow

* Removing vestigial checks

* Update assertion

* Fix secret ID

* Use strconv.ParseInt

(cherry picked from commit 8ea3537)

# Conflicts:
#	internal/pkg/policy/parsed_policy.go
#	internal/pkg/policy/parsed_policy_test.go
#	internal/pkg/secret/secret.go
#	internal/pkg/server/fleet_secrets_integration_test.go
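To make the replacement the description above promises concrete, here is an added Go example written for this page; it is not code from fleet-server or from this PR. It parses a policy into a generic map (the same idea as turning the fleet property into map[string]interface{}), offers a dotted-path Get in the spirit of the smap.Get mentioned in the commit list, walks the fleet and inputs sections, and replaces every secret reference, whether it is the whole value or embedded inside a longer string, failing on unknown IDs. The `$co.elastic.secret{id}` reference syntax, the `Policy` type, `Get`, `resolve`, `ParseAndReplace`, the sample policy and the secret values are all assumptions or constructed for the example; the project's real smap package, policy parser and Elasticsearch secret fetch are not shown.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// secretRef matches $co.elastic.secret{<id>}; that this is the reference syntax
// fleet-server uses in policies is an assumption of this example.
var secretRef = regexp.MustCompile(`\$co\.elastic\.secret\{([^}]+)\}`)

// Policy is a hypothetical generic map standing in for the parsed policy, so the
// "fleet" section can be walked like any other section.
type Policy map[string]interface{}

// Get follows a dotted path such as "fleet.ssl.key" through nested maps.
func (p Policy) Get(path string) (interface{}, bool) {
	var cur interface{} = map[string]interface{}(p)
	for _, key := range strings.Split(path, ".") {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = m[key]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// resolve replaces every reference in a subtree, whether the reference is the
// whole value or embedded in a longer string. An unknown ID is an error: an
// unresolved reference must never be shipped to the agent as if it were the value.
func resolve(node interface{}, lookup func(string) (string, bool)) (interface{}, error) {
	switch v := node.(type) {
	case string:
		var firstErr error
		out := secretRef.ReplaceAllStringFunc(v, func(ref string) string {
			id := secretRef.FindStringSubmatch(ref)[1]
			val, ok := lookup(id)
			if !ok && firstErr == nil {
				firstErr = fmt.Errorf("secret %q not found", id)
			}
			return val
		})
		return out, firstErr
	case map[string]interface{}:
		for k, child := range v {
			r, err := resolve(child, lookup)
			if err != nil {
				return nil, err
			}
			v[k] = r
		}
	case []interface{}:
		for i, child := range v {
			r, err := resolve(child, lookup)
			if err != nil {
				return nil, err
			}
			v[i] = r
		}
	}
	return node, nil // maps and slices were updated in place; other scalars are unchanged
}

// ParseAndReplace parses a raw policy and resolves secrets in the fleet section
// as well as in inputs, returning the policy as it would be sent to the agent.
func ParseAndReplace(raw string, lookup func(string) (string, bool)) (Policy, error) {
	var p Policy
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return nil, err
	}
	for _, section := range []string{"fleet", "inputs"} {
		node, ok := p[section]
		if !ok {
			continue
		}
		resolved, err := resolve(node, lookup)
		if err != nil {
			return nil, fmt.Errorf("section %q: %w", section, err)
		}
		p[section] = resolved
	}
	return p, nil
}

// Constructed sample policy and secret store; every ID and value below is made up.
const samplePolicy = `{
  "fleet": {"ssl": {"key": "$co.elastic.secret{fleet-ssl-key}",
                    "key_passphrase": "pass:$co.elastic.secret{fleet-ssl-pass}"}},
  "inputs": [{"type": "system/metrics", "password": "$co.elastic.secret{input-pw}"}]
}`

var secretStore = map[string]string{"fleet-ssl-key": "PRIVATE-KEY-PEM", "fleet-ssl-pass": "s3cr3t", "input-pw": "hunter2"}

func lookupSecret(id string) (string, bool) { v, ok := secretStore[id]; return v, ok }
```

After replacement the in-memory policy holds plaintext secret values, so the resolved copy has to be treated as sensitive: do not log it, and do not persist it anywhere the unresolved policy was not already allowed to go. Failing closed on an unknown ID is deliberate; forwarding the raw reference would hand the agent a string that is neither a usable value nor an obvious error.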
@mergify mergify bot added the backport and conflicts (There is a conflict in the backported pull request) labels Mar 4, 2026
@mergify mergify bot requested a review from a team as a code owner March 4, 2026 00:02
@mergify mergify bot requested a review from ycombinator March 4, 2026 00:02
@mergify mergify bot added the backport label Mar 4, 2026
@mergify mergify bot requested a review from swiatekm March 4, 2026 00:02
@mergify mergify bot added the conflicts (There is a conflict in the backported pull request) label Mar 4, 2026
@mergify mergify bot (Contributor, Author) commented Mar 4, 2026

Cherry-pick of 8ea3537 has failed:

On branch mergify/bp/9.2/pr-5997
Your branch is up to date with 'origin/9.2'.

You are currently cherry-picking commit 8ea3537.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1764638389-secrets-fleet-ssl.yaml
	modified:   internal/pkg/api/handleCheckin.go
	modified:   internal/pkg/model/schema.go
	modified:   internal/pkg/policy/testdata/policy_with_secrets_mixed.json
	modified:   internal/pkg/secret/secret_test.go
	modified:   internal/pkg/smap/smap.go
	new file:   internal/pkg/smap/smap_test.go
	modified:   model/schema.json

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/policy/parsed_policy.go
	both modified:   internal/pkg/policy/parsed_policy_test.go
	both modified:   internal/pkg/secret/secret.go
	both modified:   internal/pkg/server/fleet_secrets_integration_test.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@github-actions github-actions bot added the Team:Elastic-Agent-Control-Plane (Label for the Agent Control Plane team) label Mar 4, 2026
@mergify mergify bot (Contributor, Author) commented Mar 4, 2026

This pull request is now in conflicts. Could you fix it @mergify[bot]? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/9.2/pr-5997 upstream/mergify/bp/9.2/pr-5997
git merge upstream/9.2
git push upstream mergify/bp/9.2/pr-5997

@michel-laterman (Contributor) commented

@copilot please rebase the commit

Copilot AI (Contributor) commented Mar 4, 2026

@michel-laterman I've opened a new pull request, #6511, to work on those changes. Once the pull request is ready, I'll request review from you.

@michel-laterman (Contributor) commented

@Mergifyio rebase

@mergify mergify bot (Contributor, Author) commented Mar 4, 2026

rebase

☑️ Nothing to do, the required conditions are not met

Details
  • -conflict [📌 rebase requirement]
  • -closed [📌 rebase requirement]
  • queue-position = -1 [📌 rebase requirement]
  • any of:
    • #commits-behind > 0 [📌 rebase requirement]
    • -linear-history [📌 rebase requirement]

@michel-laterman michel-laterman merged commit ecfb531 into 9.2 Mar 5, 2026
10 checks passed
@michel-laterman michel-laterman deleted the mergify/bp/9.2/pr-5997 branch March 5, 2026 15:24

Labels

  • backport
  • conflicts (There is a conflict in the backported pull request)
  • Team:Elastic-Agent-Control-Plane (Label for the Agent Control Plane team)

3 participants