hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
https://hashicorp.com
471 stars 102 forks

HVS: shadow cache for dynamic secret responses #939

Closed tvoran closed 1 month ago

tvoran commented 1 month ago

Caches HVS dynamic secrets (values and TTL/expiration info) for each HCPVaultSecretsApp in a k8s secret in the operator's namespace. This way dynamic secrets aren't fetched from the HVS API before the renewalPercent of their TTL (since each dynamic secret fetch from the HVS API creates and returns a new set of dynamic credentials, which would trigger rollout-restart, etc.).

The cache secret is named with a common prefix (vso-hvs) and a hash of the HCPVaultSecretsApp namespace and name, and has these labels and data layout:

apiVersion: v1
data:
  <dynamic secret name>: <dynamic secret response from HVS>
  <dynamic secret name>: <dynamic secret response from HVS>
  vso-messageMAC: <HMAC of all the dynamic secrets>
kind: Secret
immutable: true
metadata:
  labels:
    app.kubernetes.io/component: hvs-dynamic-secret-cache
    app.kubernetes.io/managed-by: hashicorp-vso
    app.kubernetes.io/name: vault-secrets-operator
    hcpvaultsecretsapps.secrets.hashicorp.com/hvs-app-name: sample-app
    hcpvaultsecretsapps.secrets.hashicorp.com/name: myapp
    hcpvaultsecretsapps.secrets.hashicorp.com/namespace: default
    secrets.hashicorp.com/vso-ownerRefUID: c66776d8-c547-4183-bf77-3c0e70768712
  name: vso-hvs-e1859a3957fcac8cd9f511
  namespace: vault-secrets-operator-system
type: Opaque
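
To make the cache layout above concrete, here is an added example (not the operator's own code, and not taken from this PR) that derives the cache Secret name, builds the data map with a `vso-messageMAC` entry, verifies that MAC before the cached responses are trusted, and decides whether a cached dynamic secret has reached the renewalPercent of its TTL. Everything beyond the names on the page is an assumption made for the example: SHA-256 truncated to 22 hex characters for the name suffix (the page does not say which hash the operator uses), HMAC-SHA256 under an operator-held key for `vso-messageMAC`, the JSON field names of the cached response, and the sample secret values, which are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
	"time"
)

// Names come from the PR description; the hash and MAC choices below are
// assumptions for this example, not the operator's implementation.
const (
	cacheNamePrefix = "vso-hvs"
	macKeyName      = "vso-messageMAC"
	nameHashHexLen  = 22 // assumed: length of the suffix shown on the page
)

// dynamicSecret is a constructed stand-in for one HVS dynamic secret response.
// Field names are assumptions.
type dynamicSecret struct {
	Values     map[string]string `json:"values"`
	CreatedAt  time.Time         `json:"created_at"`
	TTLSeconds int64             `json:"ttl_seconds"`
}

// cacheSecretName derives the cache Secret name from the HCPVaultSecretsApp's
// namespace and name: common prefix plus a truncated SHA-256 hex digest (assumed).
func cacheSecretName(namespace, name string) string {
	sum := sha256.Sum256([]byte(namespace + "/" + name))
	return cacheNamePrefix + "-" + hex.EncodeToString(sum[:])[:nameHashHexLen]
}

// computeMAC returns HMAC-SHA256 over every cached entry except the MAC itself.
// Entries are fed in sorted key order so the result does not depend on map
// iteration order, and each name and value is length-prefixed so that
// adjacent entries cannot be re-split into a colliding input.
func computeMAC(key []byte, data map[string][]byte) []byte {
	keys := make([]string, 0, len(data))
	for k := range data {
		if k != macKeyName {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	mac := hmac.New(sha256.New, key)
	for _, k := range keys {
		fmt.Fprintf(mac, "%d:%s%d:", len(k), k, len(data[k]))
		mac.Write(data[k])
	}
	return mac.Sum(nil)
}

// buildCacheData marshals each dynamic secret response under its name and adds
// the MAC entry, producing the data map of the immutable cache Secret.
func buildCacheData(key []byte, secrets map[string]dynamicSecret) (map[string][]byte, error) {
	data := make(map[string][]byte, len(secrets)+1)
	for name, s := range secrets {
		b, err := json.Marshal(s)
		if err != nil {
			return nil, err
		}
		data[name] = b
	}
	data[macKeyName] = computeMAC(key, data)
	return data, nil
}

// verifyCacheData checks the MAC in constant time before any cached value is used.
func verifyCacheData(key []byte, data map[string][]byte) error {
	got, ok := data[macKeyName]
	if !ok {
		return errors.New("cache secret has no " + macKeyName + " entry")
	}
	if !hmac.Equal(got, computeMAC(key, data)) {
		return errors.New("cache secret MAC mismatch; refusing to use cached dynamic secrets")
	}
	return nil
}

// needsRefetch reports whether the cached response has passed renewalPercent of
// its TTL, i.e. when a fresh set of credentials should be requested from HVS.
func needsRefetch(s dynamicSecret, renewalPercent int, now time.Time) bool {
	ttl := time.Duration(s.TTLSeconds) * time.Second
	renewAt := s.CreatedAt.Add(ttl * time.Duration(renewalPercent) / 100)
	return !now.Before(renewAt)
}

func main() {
	// Constructed sample input: a fake MAC key and one cached dynamic secret.
	key := []byte("example-operator-mac-key")
	created := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC)
	secrets := map[string]dynamicSecret{
		"aws-creds": {Values: map[string]string{"access_key_id": "AKIAEXAMPLE"}, CreatedAt: created, TTLSeconds: 3600},
	}
	data, err := buildCacheData(key, secrets)
	if err != nil {
		panic(err)
	}
	fmt.Println("cache secret:", cacheSecretName("default", "myapp"))
	fmt.Println("MAC valid:", verifyCacheData(key, data) == nil)
	data["aws-creds"] = []byte(`{"values":{"access_key_id":"TAMPERED"}}`) // simulate tampering
	fmt.Println("after tamper:", verifyCacheData(key, data))
	fmt.Println("refetch at 50% of TTL:", needsRefetch(secrets["aws-creds"], 67, created.Add(30*time.Minute)))
	fmt.Println("refetch at 70% of TTL:", needsRefetch(secrets["aws-creds"], 67, created.Add(42*time.Minute)))
}
```

The MAC check is what makes the shadow cache safe to trust: the cache Secret lives in the operator's namespace and is immutable, but anything with write access there could still replace it, and a forged cached response would otherwise be handed to workloads without ever contacting HVS.
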

tvoran commented 1 month ago

Agree on the extra unit tests and periodic cleanup task, will work on those in a separate PR.

tvoran commented 1 month ago

Thanks!