[DPE-3325] multi secrets dynamic update of fields only

[juditnovak]

Enhancements for Peer Relation Interfaces

As detailed in Peer Relation Data spec.

Changes

• Re-introduce the concept of adding secrets on the fly. Up to this point PeerRelation and descendants only allowed for secret fields to be declared at instantiation time.
  • https://github.com/canonical/data-platform-libs/issues/127
• Support for multiple secrets are supported STRICTLY if declared at instantiation time
  • Muiltiple secrets are currently only used by Opensearch that has multiple TLS secrets, however it's a valid scenario potentially for other charms as well in the future.
  • Since we want to strictly control the number of secrets "hanging around", dynamic secret creation is not allowed. A charm with multiple secrets should know precisely what additional secrets it may want to have further than the default ones.

Terminology

Multiple secret groups may contain the same fields. Which means that we need to know which TLS ca do we want to get -- once we have 3 TLS secrets? Therefore the following options were introduced:

• For the new add_secret() and get_secret() functions there is a group option to specify the group in case it's different from the default one

• For the unified fetch_relation_data(), update_relation_data(), etc. functions it may rather be desirable to keep the signature intact. Thus a secret_field@group (i.e. ca-cert@tls-https) notation is introduced.

NOTE2: Implementation detail: this change still relies on the databag, however that's likely to change in the future, and secrets fields would be retrieved dynamically.