move management of Vault back to tf_vault approle. for this, we need to
create a number of policies that are missing.
- add policies to manage consul secret engines
- add policies to manage pki secret engines
- add policies to manage kv secret engines
- add policies to manage ssh secret engines
- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
- Add Kubernetes secrets engine at kubernetes/au/syd1 path
- Create four RBAC roles with external YAML configuration:
* media-apps-operator: namespaced role for media-apps with selective permissions
* cluster-operator: cluster-wide read-only access to specific API groups
* cluster-admin: cluster-wide full access to specific API groups
* cluster-root: cluster-wide superuser access to all resources
- Add Vault policies for credential generation for each role
- Add admin policies for kubernetes auth backend configuration and role management
- Refactor kubernetes auth backend to use shared locals for CA certificate
- Update terraform-vault approle with required kubernetes policies
- update kubernetes_host to match value in jwt
- regenerate jwt token and store in vault
- add policy to enable access to jwt token
- update tf_deploy user with access to token
