This rabbit hole of a task lead me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
