As tech lead, I want updating JWT_KEY for Login.gov to be secure and accessible

[andrew-jameson]

Description:
When updating JWT keys, I want to be able to share keys across the team in a secure manner. I've seen Hashicorp Vault, SOPS, and Ansible Vault among other utilities cover this key management problem. Being able to utilize one of these solutions would allow key rotation and updating environment variables for the application to work more easily as it related to the work from #1826.

Acceptance Criteria:
Create a list of functional outcomes that must be achieved to complete this issue

• JWT_KEY values for all three cloud.gov spaces are secure, updatable, readable
• JWT_KEY values are no longer stored in CircleCI environment variables
• The storage solution for JWT_KEYs are accessible by dev team, government tech lead, and CircleCI
• JWT_KEY values are updated via the CircleCI deployment pipelines by both raft-tech and HHS repositories
• Testing Checklist has been run and all tests pass
• README is updated, if necessary

Tasks:
Create a list of granular, specific work items that must be completed to deliver the desired outcomes of this issue

• Using pre-existing Terraform state s3 bucket, store JWT_KEY values for the respective CF spaces
• JWT_KEY values for CF spaces are updated during our CircleCI deployments using the state bucket as their source of truth
• Document the process for developers to access the JWT_KEYs for respective space

Notes:
Add additional useful information, such as related issues and functionality that isn't covered by this specific issue, and other considerations that will be helpful for anyone reading this

• While Terraform can inspect the CF apps' environment variables, we do not want these values to overwrite the s3 state bucket as 'source of truth'

Supporting Documentation:

Open Questions:

[andrew-jameson]

To be discussed at dev sync upon @raft-twhitlock 's return.

[robgendron]

Deemed closed by @andrew-jameson.