DEVOPS-1800 - Migrate Secrets

[vgrassia]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [X] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

This PR removes the .github/secrets directory and moves all of the certificates to the bitwarden-ci Key Vault.

Code changes

• .github/workflows/build.yml: Switch to downloading the certificates from the Key Vault.

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team
• Ensure that all UI additions follow WCAG AA requirements

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – f8613fdb-204b-4829-ba46-05c858731f0c

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	SSRF	/src/services/onelogin-directory.service.ts: 178	Attack Vector
	Unpinned Actions Full Length Commit SHA	/build.yml: 664	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity	Issue	Source File / Package
	Unpinned Actions Full Length Commit SHA	/build.yml: 665
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 138
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 178
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 99
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 87
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 21