Introduce sops and sops-nix for secret management

Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.

https://github.com/getsops/sops
https://github.com/Mic92/sops-nix

.sops.yaml

@@ -0,0 +1,46 @@
+keys:
+  - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
+  - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+  - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+  - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
+  - &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+  - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+  - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+  - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+  - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+  - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
+  - &admin_gpg_dante 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
+  - &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
+creation_rules:
+  - path_regex: config/hosts/git/.*
+    key_groups:
+      - pgp:
+          - *admin_gpg_djerun
+          - *admin_gpg_stb
+          - *admin_gpg_jtbx
+          - *admin_gpg_yuri
+          - *admin_gpg_june
+          - *admin_gpg_haegar
+          - *admin_gpg_dario
+          - *admin_gpg_echtnurich
+          - *admin_gpg_max
+          - *admin_gpg_c6ristian
+          - *admin_gpg_dante
+        age:
+          - *host_age_git
+  - key_groups:
+      - pgp:
+          - *admin_gpg_djerun
+          - *admin_gpg_stb
+          - *admin_gpg_jtbx
+          - *admin_gpg_yuri
+          - *admin_gpg_june
+          - *admin_gpg_haegar
+          - *admin_gpg_dario
+          - *admin_gpg_echtnurich
+          - *admin_gpg_max
+          - *admin_gpg_c6ristian
+          - *admin_gpg_dante
+stores:
+  yaml:
+    indent: 2