[terraform] Introduce SOPS secrets

Summary:
This diff:

• Introduces .sops.yaml configuration file for SOPS files in the repo.
• Introduces services/terraform/remote/secrets.json file that contains some secrets. Now it contains a few examples:
  • Prod/staging account IDs
  • Keyserver public key, used by Identity Service
• Makes these secrets accessible by Terraform

Depends on D8666

Test Plan:

Note that the test plan requires access to the "Terraform/Infra" AWS account. Contact me if you need access.

• CLI decryption with plaintext! output to stdout:

cd services/terraform/remote
sops -d secrets.json

• Secrets should be accessible from Terraform:
  1. Add example output:

output "my_secret" {
  # It must be wrapped in nonsensitive() or TF will output only redacted placeholder
  value = nonsensitive(local.secrets["accountIDs.staging"])
}

2. Run Terraform:

cd services/terraform/remote
terraform apply

Should output:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
my_secret = "123456789012"

Reviewers: ashoat, jon, varun

Reviewed By: jon

Subscribers: tomek

Differential Revision: https://phab.comm.dev/D8667