feat: Add SOPS and Age support to Core and Periphery

[Nikhil-Gohil]

Adding sops and age binaries to the runtime dependencies. This allows users to decrypt secrets (e.g., .env files) directly within the container for GitOps workflows, removing the need for pre-decryption scripts on the host. Will make it much easier to use sops + age based secret handling in komodo.

Right now, we have to build docker images for core/periphery (tedious) or bind mount these binaries to the docker containers (could break).

I tested this workflow by creating a komodo periphery image and running a stack:
Repo with periphery + sops/age is here: Komodo Periphery Sops

Can use this as a pre deploy for stacks in komodo assuming secrets are stored as .env.enc in git:
sops --decrypt --input-type yaml --output-type dotenv .env.enc > .env

One issue I can think about is this creates a slight difference between komodo periphery as a docker container and the systemd agent since it will be expected that if installing as a systemd agent, sops and age needs to be manually installed.

[NiXTheDev]

One issue I can think about is this creates a slight difference between komodo periphery as a docker container and the systemd agent since it will be expected that if installing as a systemd agent, sops and age needs to be manually installed.

That can be handled in the periphery install script, that also needs a disclaimer, and different distros support because apt, dnf, pacman and others I very likely missed have different ways to install packages

apt/dnf install -y <package> #Oh lol, same syntax
pacman -Sy <package>

Or alternatively it can still have the pre-decryption script as a fallback if sops and age aren't installed, and then be slowly phased out(?), emitting a warning to the log about the requirement at first