fix: wipe user secrets when user is soft-deleted (#24985)

Extend the delete_deleted_user_resources() trigger so that secrets
belonging to a soft-deleted user are removed in the same transaction as
the existing api_keys and user_links cleanup.

user_secrets.user_id has ON DELETE CASCADE, but Coder soft-deletes users
by flipping users.deleted rather than removing the row, so the foreign key
cascade never fires and secrets would otherwise survive deletion.

Assisted by Coder Agents.

coderd/telemetry/telemetry_test.go

@@ -2147,18 +2147,6 @@ func TestUserSecretsTelemetry(t *testing.T) {
 			p.FilePath = "/home/coder/active.file"
 		})
 
-		// Soft-deleted user. user_secrets has ON DELETE CASCADE on
-		// users, but Coder soft-deletes by setting users.deleted, so
-		// the secret row persists. The summary should ignore it.
-		deleted := dbgen.User(t, db, database.User{Deleted: true})
-		_ = dbgen.UserSecret(t, db, database.UserSecret{
-			UserID: deleted.ID,
-			Name:   "deleted-secret",
-		}, func(p *database.CreateUserSecretParams) {
-			p.EnvName = "DELETED_ENV"
-			p.FilePath = ""
-		})
-
 		// User secret owned by a dormant user should be excluded.
 		dormant := dbgen.User(t, db, database.User{Status: database.UserStatusDormant})
 		_ = dbgen.UserSecret(t, db, database.UserSecret{