Include secret leak detection in the template feature branch pipeline (sync-feature-branches)

[gberche-orange]

**Is your feature request related to a problem?

I need to prevent introduction of secrets leaks into the template repo. This is a follow up of initial effort in https://github.com/orange-cloudfoundry/paas-templates/issues/4

Describe the solution you'd like

sync-feature-branches to include secrets prevention tasks, and to fail when secrets are detected

Describe alternatives you've considered

Notification of the failed micro-depls-auto-sanitize pipeline.

[o-orand]

For me, it seems more relevant to include this as a paas-templates pipeline, as secrets detection is already included in that repo.

[gberche-orange]

@o-orand

Can you suggest a way such a paas-template pipeline can fail the sync-feature-branches and force authors to fix leaking secrets before they get merged ?

[o-orand]

we are using a different pipeline (part of paas-template) to set our internal gitlab merge request status to failure

Here is a pipeline overview:

[gberche-orange]

Current status: the introduction of credentials leaks in new features is notified through gitlab merge request status. It is not blocking merge of related feature branch into develop branch and release.

Risks:

• Introduction of credentials leak in new contributions (i.e. new credentials are hardcoded and not stored into credhub). This exposes operators running these features.
• Credentials leak on github.

Prioritized temporary workaround:

• add manual step in release process to block release when new credentials leak are introduced
• keep github publication with sanitization pipeline.