feat: add CLI support for user secrets (#24270)

Adds a coder secret command group for managing user secrets from the
CLI, with create, update, list, and delete subcommands backed by the
existing user secret API.

This branch adds CLI test coverage and refreshes the generated help
output and CLI reference docs for the new command group.

cli/testdata/coder_--help.golden

@@ -43,6 +43,7 @@ SUBCOMMANDS:
                       password
     restart           Restart a workspace
     schedule          Schedule automated start and stop times for workspaces
+    secret            Manage secrets
     server            Start a Coder server
     show              Display details of a workspace's resources and agents
     speedtest         Run upload and download tests from your machine to a

cli/testdata/coder_secret_--help.golden

@@ -0,0 +1,39 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder secret
+
+  Manage secrets
+
+  Aliases: secrets
+
+    - Create a secret:
+  
+       $ printf %s "$MYCLI_API_KEY" | coder secret create api-key --description
+  "API key for workspace tools" --env API_KEY --file "~/.api-key"
+  
+    - Update a secret:
+  
+       $ echo -n "$NEW_SECRET_VALUE" | coder secret update api-key --description
+  "Rotated API key" --env API_KEY --file "~/.api-key"
+  
+    - List your secrets:
+  
+       $ coder secret list
+  
+    - Show a specific secret:
+  
+       $ coder secret list api-key
+  
+    - Delete a secret:
+  
+       $ coder secret delete api-key
+
+SUBCOMMANDS:
+    create    Create a secret
+    delete    Delete a secret
+    list      List secrets, or show one by name
+    update    Update a secret
+
+———
+Run `coder --help` for a list of global options.

cli/testdata/coder_secret_create_--help.golden

@@ -0,0 +1,27 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder secret create [flags] <name>
+
+  Create a secret
+
+  Provide the secret value with --value or non-interactive stdin (pipe or
+  redirect).
+
+OPTIONS:
+      --description string
+          Set the secret description.
+
+      --env string
+          Name of the workspace environment variable that this secret will set.
+
+      --file string
+          Workspace file path where this secret will be written. Must start with
+          ~/ or /.
+
+      --value string
+          Set the secret value. For security reasons, prefer non-interactive
+          stdin (pipe or redirect).
+
+———
+Run `coder --help` for a list of global options.

cli/testdata/coder_secret_delete_--help.golden

@@ -0,0 +1,15 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder secret delete [flags] <name>
+
+  Delete a secret
+
+  Aliases: remove, rm
+
+OPTIONS:
+  -y, --yes bool
+          Bypass confirmation prompts.
+
+———
+Run `coder --help` for a list of global options.

cli/testdata/coder_secret_list_--help.golden

@@ -0,0 +1,20 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder secret list [flags] [name]
+
+  List secrets, or show one by name
+
+  Aliases: ls
+
+  Secret values are omitted from the output.
+
+OPTIONS:
+  -c, --column [created|name|updated|env|file|description] (default: name,created,updated,env,file,description)
+          Columns to display in table output.
+
+  -o, --output table|json (default: table)
+          Output format.
+
+———
+Run `coder --help` for a list of global options.

cli/testdata/coder_secret_update_--help.golden

@@ -0,0 +1,29 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder secret update [flags] <name>
+
+  Update a secret
+
+  At least one of --value, --description, --env, or --file must be specified.
+  Provide the secret value by at most one of --value or non-interactive stdin
+  (pipe or redirect).
+
+OPTIONS:
+      --description string
+          Update the secret description. Pass an empty string to clear it.
+
+      --env string
+          Name of the workspace environment variable that this secret will set.
+          Pass an empty string to clear it.
+
+      --file string
+          Workspace file path where this secret will be written. Must start with
+          ~/ or /. Pass an empty string to clear it.
+
+      --value string
+          Update the secret value. For security reasons, prefer non-interactive
+          stdin (pipe or redirect).
+
+———
+Run `coder --help` for a list of global options.