UWIT-IAM / uw-idp-custom

Local IdP configuration and etc customizations

Secrets: improve SPReg sync configuration #52

Open mar235av opened 4 weeks ago

mar235av commented 4 weeks ago

In the local-bin directory, the spreg_processor.py script downloads configuration data from the SPReg database. The database connection parameters (including the account password) are stored in the spreg_conf.py file in the same directory. The SSL connection files are also in the same directory. These secrets should not be in the local-bin directory with the source code, as proper segregation of secret data is a best security practice for multiple reasons.

  1. Move the three db_ssl files to the credentials directory, and update the configuration accordingly.
  2. Move at least the database password (or possibly the entire db configuration) to the credentials directory, and update the script as needed.
  3. Test to verify that the script still connects correctly to the spreg database.
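
One way to carry out steps 1 and 2 above, as an added illustration rather than the project's own spreg_conf.py or spreg_processor.py code: the script assembles its connection parameters from a separate credentials directory and refuses any secret file that is group- or world-readable. The file names (spreg_db.json, the contents of a db_ssl/ subdirectory) and the sample values are assumptions.

```python
import json
import os
import stat
from pathlib import Path

# Constructed layout (an assumption, not the project's own files):
#   <cred_dir>/spreg_db.json holding {"host", "user", "password"}
#   <cred_dir>/db_ssl/{ca.pem, client.crt, client.key}
SSL_FILES = ("ca.pem", "client.crt", "client.key")


def check_private(path: Path) -> None:
    """Refuse a secret file that group or others can read or write."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0600")


def load_spreg_db_config(cred_dir) -> dict:
    """Assemble DB connection parameters from the credentials directory."""
    cred_dir = Path(cred_dir)
    cfg_path = cred_dir / "spreg_db.json"
    check_private(cfg_path)
    cfg = json.loads(cfg_path.read_text())
    missing = [k for k in ("host", "user", "password") if not cfg.get(k)]
    if missing:
        raise ValueError(f"{cfg_path} is missing {missing}")
    cfg["ssl"] = {}
    for name in SSL_FILES:
        p = cred_dir / "db_ssl" / name
        if not p.is_file():
            raise FileNotFoundError(f"missing SSL file {p}")
        cfg["ssl"][name] = str(p)
    check_private(cred_dir / "db_ssl" / "client.key")  # private key stays owner-only
    return cfg


def write_sample_credentials(cred_dir) -> Path:
    """Write a constructed, non-secret credentials tree with 0600 files (demo only)."""
    cred_dir = Path(cred_dir)
    (cred_dir / "db_ssl").mkdir(parents=True, exist_ok=True)
    sample = {"host": "spreg-db.example", "user": "idp_ro", "password": "PLACEHOLDER"}
    (cred_dir / "spreg_db.json").write_text(json.dumps(sample))
    for name in SSL_FILES:
        (cred_dir / "db_ssl" / name).write_text(f"# placeholder {name}\n")
    for p in cred_dir.rglob("*"):
        if p.is_file():
            os.chmod(p, 0o600)
    return cred_dir
```

The permission check is the part worth keeping even if the file layout differs: a password file that is readable beside the source tree gains nothing from being moved.
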

stea-uw commented 3 weeks ago

PR ready for review: https://github.com/UWIT-IAM/uw-idp-custom/pull/54/files

I've already copied the credentials files to the credentials/ on the prod servers, though they're not being used. Once pushed, we'll need to delete the old copies.

I don't seem to have access to the eval servers, so I couldn't copy the configs over on those. Will look into getting those perms.

mar235av commented 23 hours ago

After discussing with Stevie, we decided to make some changes. Primarily, instead of checking in a credentials directory (which would be confusing since most of the files in the deployed credentials/ directory are not checked in), we created a sample_credentials directory which contains a README describing the expected contents and a few files that illustrate the expected properties without revealing any secrets. I checked in the changes on a new branch and verified them on the dev domain, noting that this required rebuilding the Python environment (following the documented process in the README.python file) since a new module dependency was added.