feat(managed-secrets): add centrally managed secrets with GITOPS_ prefix pushed to multiple targets

Introduce managed secrets owned by GitOps that can be defined once and
pushed to any combination of projects/groups across connections. Values
are stored in OS keychain, secrets appear on targets as GITOPS_{key}.

ts_interfaces/data/actionlog.ts

@@ -1,5 +1,5 @@
-export type TActionType = 'create' | 'update' | 'delete' | 'pause' | 'resume' | 'test' | 'scan' | 'sync' | 'obsolete';
-export type TActionEntity = 'connection' | 'secret' | 'pipeline' | 'sync';
+export type TActionType = 'create' | 'update' | 'delete' | 'pause' | 'resume' | 'test' | 'scan' | 'sync' | 'obsolete' | 'push';
+export type TActionEntity = 'connection' | 'secret' | 'pipeline' | 'sync' | 'managed-secret';
 
 export interface IActionLogEntry {
   id: string;

ts_interfaces/data/index.ts

@@ -6,3 +6,4 @@ export * from './secret.ts';
 export * from './pipeline.ts';
 export * from './actionlog.ts';
 export * from './sync.ts';
+export * from './managedsecret.ts';

ts_interfaces/data/managedsecret.ts

@@ -0,0 +1,41 @@
+export interface IManagedSecretTarget {
+  connectionId: string;
+  scope: 'project' | 'group';
+  scopeId: string;
+  scopeName: string;
+}
+
+export type TPushStatus = 'pending' | 'success' | 'error';
+
+export interface IManagedSecretTargetStatus {
+  connectionId: string;
+  scope: 'project' | 'group';
+  scopeId: string;
+  scopeName: string;
+  status: TPushStatus;
+  error?: string;
+  lastPushedAt?: number;
+}
+
+export interface IManagedSecret {
+  id: string;
+  key: string;
+  description?: string;
+  targets: IManagedSecretTarget[];
+  targetStatuses: IManagedSecretTargetStatus[];
+  createdAt: number;
+  updatedAt: number;
+  lastPushedAt?: number;
+}
+
+export interface IManagedSecretStored {
+  id: string;
+  key: string;
+  description?: string;
+  value: string;
+  targets: IManagedSecretTarget[];
+  targetStatuses: IManagedSecretTargetStatus[];
+  createdAt: number;
+  updatedAt: number;
+  lastPushedAt?: number;
+}