DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0

Add support for mounting secrets to file path #290

Closed Piccirello closed 2 years ago

Piccirello commented 2 years ago

Currently, doppler run always injects secrets as environment variables. With this PR, secrets can now instead be mounted to an ephemeral file. The file exists for the lifetime of the application and can be read by libraries like dotenv. The path to the file is made available in the DOPPLER_CLI_SECRETS_PATH environment variable.

This feature supports custom name transformers.

Example:

$ doppler run --mount secrets.json -- sh
# new shell
$ echo $DOPPLER_CLI_SECRETS_PATH
/Users/doppler/.doppler/secrets.json
$ cat $DOPPLER_CLI_SECRETS_PATH
'{"TEST_SECRET":"hello"}'

Example w/ Node:

$ doppler run --mount secrets.json -- node
> fs.readFileSync(process.env.DOPPLER_CLI_SECRETS_PATH).toString()
'{"TEST_SECRET":"hello"}'
$ doppler run --mount .env -- node
> process.env
{
  DOPPLER_CLI_SECRETS_PATH: '/usr/src/app/.env'
}
> require('dotenv').config()
> process.env
{
  DOPPLER_CLI_SECRETS_PATH: '/usr/src/app/.env',
  TEST_SECRET: 'hello'
}
New flags for doppler run:

| Flag | Default | Description |
| --- | --- | --- |
| mount | (off) | path to mount secrets file to, accessible via DOPPLER_CLI_SECRETS_PATH env var |
| mount-format | json | file format to use. one of [json, env] |
| mount-max-reads | 0 | maximum number of times the mounted secrets file can be read (0 for unlimited) |

More info

Technically, the mounted secrets file is a named pipe. This allows us to ensure that the pipe's contents (i.e. the secrets) are only accessible while the CLI is connected to it. Once the CLI exits, the pipe is useless.

Potential gotchas:

Closes ENG-3665

Piccirello commented 2 years ago

Comments have been addressed. The env format now wraps all values in quotes. I'm going to push us pretty hard to limit the number of supported formats at launch, as well as any other features that are a nice-to-have. We can add more functionality over time.