
[FEAT]: Add a provider function to handle encrypting secrets #2411

Open
1 task done
greg-swift-yohana opened this issue Oct 4, 2024 · 0 comments
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Feature New feature or request

Comments

@greg-swift-yohana

Describe the need

Aside from the lack of documentation (#888), there is a lack of practical usage considering Vault, AWS SSM, Azure Key Vault, 1Password, etc.

Requirements:

  • When pulling a secret from a data source, one should be able to encrypt that data to meet the GitHub API's requirements without running local commands, writing their own custom provider, or any other mechanism.

Recommendation:

As of Terraform 1.8 it is possible for a provider to distribute a custom function that can be leveraged in HCL. This provider should implement that.

How the usage might look (based on the example in #888):

terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = ">= 6.3.0"
    }
    vault = {
      source  = "hashicorp/vault"
      version = "4.4.0"
    }
  }
}

provider "github" {
  owner = var.repo_owner
  token = var.github_token
}

data "github_actions_public_key" "main" {
  repository = var.repo_name
}

data "vault_kv_secret_v2" "main" {
  mount = "secret"
  name  = "secret/github/repo"
}

resource "github_actions_secret" "main" {
  repository  = var.repo_name
  secret_name = "SECRET_KEY"
  encrypted_value = provider::github::encrypt(
    data.github_actions_public_key.main.key,
    # no count/for_each on the data source, so it is not indexable with [0]
    lookup(data.vault_kv_secret_v2.main.data, "mysecret", "")
  )
}

SDK Version

No response

API Version

No response

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@greg-swift-yohana greg-swift-yohana added Status: Triage This is being looked at and prioritized Type: Feature New feature or request labels Oct 4, 2024
@kfcampbell kfcampbell added Status: Up for grabs Issues that are ready to be worked on by anyone and removed Status: Triage This is being looked at and prioritized labels Oct 7, 2024