move secrets from sops lookup plugin to sops vars plugin

This makes secret configuration and usage a good bit cleaner.

resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2

@@ -6,8 +6,8 @@ services:
     image: docker.io/library/mariadb:11
     environment:
       - "MARIADB_DATABASE=wordpress"
-      - "MARIADB_ROOT_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_ROOT_PASSWORD']") }}"
-      - "MARIADB_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_PASSWORD']") }}"
+      - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
+      - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
       - "MARIADB_USER=wordpress"
       - "MARIADB_AUTO_UPGRADE=yes"
     volumes:
@@ -23,7 +23,7 @@ services:
       - "WORDPRESS_DB_NAME=wordpress"
       - "WORDPRESS_DB_USER=wordpress"
       - "WORDPRESS_TABLE_PREFIX=wp_"
-      - "WORDPRESS_DB_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_PASSWORD']") }}"
+      - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
     volumes:
       - wordpress:/var/www/html/wp-content
     ports: