Use rivertypes.Secret for headers and TLS keys

[ptodev]

Background

We currently store certain fields as strings, where they should probably be stored as secrets:

• Headers field in the GRPCClientArguments struct in config_grpc.go
• Headers field in the HTTPClientArguments struct in config_http.go
• KeyPem and KeyFile fields in TLSSetting strict in config_tls.go. Note that CAPem and CertPem are "secrets" in the Collector's equivalent of this config. I'm not sure why. I thought only private keys are considered secrets, and I thought certificates are generally not.

Proposal

We could store those strings as secrets, so that they are hidden in places like log files. This might be an overkill for things like headers, but even for them it would be good to just use secrets:

• This would make us more consistent with the Otel collector
• There is a chance that users might be storing secrets in their headers and it'd be good not to leak this in some way.

[rfratto]

I'm not sure about this one. Not all headers are secrets. They could be a map[string]rivertypes.OptionalSecret though.

KeyFile

I don't think the file path which holds the key is a sensitive value.

Note that CAPem and CertPem are "secrets" in the Collector's equivalent of this config. I'm not sure why. I thought only private keys are considered secrets, and I thought certificates are generally not.

No, CA and cert are public keys, we don't need to treat them as sensitive.