Handle sensitive input maps via SecretReference

[turkenh]

Description of your changes

This PR fixes the issues we are having with sensitive input fields of type map by using a SecretReference as the data type.

Fixes #134

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested with aws_glue_connection resource and this PR using the below manifests:

apiVersion: glue.aws.upbound.io/v1beta1
kind: Connection
metadata:
  annotations:
    meta.upbound.io/example-id: glue/v1beta1/connection
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    catalogId: "123456789012"
    connectionPropertiesSecretRef:
      name: example-secret
      namespace: upbound-system
    region: us-west-1
---
apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  namespace: upbound-system
type: Opaque
stringData:
  JDBC_CONNECTION_URL: "jdbc:mysql://my-db/exampledatabase"
  PASSWORD: "examplepassword"
  USERNAME: "exampleusername"

[muvaf]

LGTM! Could you also drop a comment in regards to how many CRDs are affected by this change in the official providers and which ones would be breaking changes?

[turkenh]

LGTM! Could you also drop a comment in regards to how many CRDs are affected by this change in the official providers and which ones would be breaking changes?

@muvaf no CRDs effected with this change since there were no configured resource with a sensitive input of type map since it was failing indeed. Double checked this by running make generate in all 3 providers consuming this change.

[muvaf]

Thanks @turkenh !

[eljohnson92]

@turkenh @muvaf would you expect this PR would also handle secrets that are arrays? we have a use case where we have an array we would like to mark the contents of as secrets