move secrets from sops lookup plugin to sops vars plugin

This makes secret configuration and usage a good bit cleaner.

resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2

@@ -6,7 +6,7 @@ services:
     image: docker.io/library/postgres:15-alpine
     environment:
       - "POSTGRES_USER=pretalx"
-      - "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}"
+      - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
       - "POSTGRES_DB=pretalx"
     volumes:
       - database:/var/lib/postgresql/data
@@ -60,7 +60,7 @@ services:
       PRETALX_DB_TYPE: postgresql
       PRETALX_DB_NAME: pretalx
       PRETALX_DB_USER: pretalx
-      PRETALX_DB_PASS: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}"
+      PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
       PRETALX_DB_HOST: database
       PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
       PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
@@ -90,13 +90,13 @@ services:
       PRETALX_DB_TYPE: postgresql
       PRETALX_DB_NAME: pretalx
       PRETALX_DB_USER: pretalx
-      PRETALX_DB_PASS: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}"
+      PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
       PRETALX_DB_HOST: database
       PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
       PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
       PRETALX_MAIL_PORT: 587
       PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
-      PRETALX_MAIL_PASSWORD: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['PRETALX_MAIL_PASSWORD']") }}"
+      PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}"
       PRETALX_MAIL_TLS: "true"
       PRETALX_CELERY_BACKEND: redis://redis/1
       PRETALX_CELERY_BROKER: redis://redis/2