Registering a plugin in the catalog is a distinct concern from mounting an
engine, so give it its own module and config directory instead of folding
sha256/command into each engine's backend module.
- Add a generic 'plugin' module (vault_plugin: type/name/command/sha256/
plugin_version) that imports a binary into the catalog.
- Add a config/plugins/ discovery group (filename = catalog name) and wire it
through vault_cluster (plugins variable + module) and the syd1 environment.
- Add config/plugins/vault-plugin-secrets-gpg.yaml pinning the released v0.1.0
binary sha256. Other engines can now register their plugin by dropping a file
here; their *_secret_backend module just mounts the registered type.