Add support of Environment Variables Import #5

Open
wants to merge 2 commits into
base: release/0.4.0

kradenkov

This PR introduces Configuration.Secret support for fetching raw values from Environment. It is beneficial to keep secrets outside the git repository.

kradenkov changed the title from "Add suppot of Environment Variables Import" to "Add support of Environment Variables Import" on Oct 17, 2024

nekrich commented Nov 21, 2024

@mgutski, is there a chance to review and merge this PR? It will help us a lot.

mgutski (Contributor) commented Nov 25, 2024

Hello @kradenkov and @nekrich, thank you for your interest in contributing to Swift Confidential.

As for the PR, while I do agree that introducing support for environment variables can be beneficial for certain use cases, the priorities for the upcoming release are as follows:

  • Bumping Swift tools version to 5.9 -> Done ✅
  • Upgrading Swift Syntax to version 509.1.1 -> Done ✅
  • Adding support for the Swift 6 language mode -> Work In Progress ⚙️

The above are important for all Swift Confidential consumers, and so they take precedence. With that said, I currently don't have the capacity to perform a proper code review and, since the PR introduces a new feature, ensure no functionality regressions (must work with both SwiftPM and Xcode targets). Only after I'm done with the above-listed priorities, I will look into this PR and consider merging it to the release/0.4.0 branch.

Also, please note that Swift Confidential does not enforce keeping the confidential.yml configuration file under source control. That is, you are free to add it to your .gitignore file and e.g. use Swift conditional compilation blocks to only access the obfuscated literals in release builds. In such a case, you would need to securely load (e.g. from GitHub secrets) the Base64-encoded configuration, Base64 decode and write it to the confidential.yml file as part of your CD workflow. By following this approach, you can keep both the obfuscation algorithm and secret literals outside the Git repository. This is the kind of setup that is used in a number of projects I know about.
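
The CD step described in the comment above, as an added example that is not part of the original thread or of Swift Confidential: a shell function that decodes a Base64-encoded CI secret into confidential.yml. The variable name `CONFIDENTIAL_YML_B64` and the function name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: restore confidential.yml from a Base64-encoded CI secret.
# CONFIDENTIAL_YML_B64 is an assumed variable name, not one Swift Confidential defines.

# write_confidential_config [output-path]
# Returns 0 on success, 2 if the secret is missing, 3 if it is not valid
# Base64 (or decodes to nothing), 4 if git would track the output file.
write_confidential_config() {
  local out="${1:-confidential.yml}" dir tmp
  dir="$(dirname -- "$out")"

  # Fail closed when the secret was not injected into the job.
  if [ -z "${CONFIDENTIAL_YML_B64:-}" ]; then
    echo "error: CONFIDENTIAL_YML_B64 is not set" >&2
    return 2
  fi

  # Inside a git work tree, refuse to create a file that is not ignored.
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q -- "$(basename -- "$out")"; then
    echo "error: $out is not covered by .gitignore" >&2
    return 4
  fi

  # Decode into a private temp file (mktemp creates it with mode 0600).
  # The value is piped to the decoder and never echoed to the build log.
  tmp="$(mktemp "${out}.XXXXXX")" || return 1
  if ! printf '%s' "$CONFIDENTIAL_YML_B64" | base64 --decode >"$tmp" 2>/dev/null ||
     [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    echo "error: secret is not valid Base64 or decodes to nothing" >&2
    return 3
  fi

  mv -f "$tmp" "$out"   # same-directory rename, so the swap is atomic
}
```

Call it in the workflow before the build step, with the secret mapped into the job environment, and keep shell tracing (`set -x`) off around the call.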
