Describe the bug
Since #1087 we started caching all secrets (not just ones explicitly needed by Ambassador) to the containers.
e.g.
/config $ ls -lha ambassador-config/sync-1/top-secret/secrets
total 28
drwxr-sr-x 2 nobody nobody 140 Jan 10 10:22 .
drwxr-sr-x 4 nobody nobody 80 Jan 10 10:22 ..
-rw-r--r-- 1 nobody nobody 593 Jan 10 10:22 top-secret-regcred.yaml
-rw-r--r-- 1 nobody nobody 484 Jan 10 10:22 top-secret.yaml
-rw-r--r-- 1 nobody nobody 8.0K Jan 10 10:22 default-token-n64vb.yaml
-rw-r--r-- 1 nobody nobody 5.5K Jan 10 10:22 istio.default.yaml
-rw-r--r-- 1 nobody nobody 1.1K Jan 10 10:22 registry-mirror-regcred.yaml
Since k8s secrets are only base64-encoded, if anyone gains access to Ambassador, which is meant to run on the edge, it's basically game over in terms of accessing sensitive data.
To Reproduce
Steps to reproduce the behavior:
Run 0.50-rc4
Let kubewatch sync
Check ambassador-config/sync-1
Read database creds off secrets, pull data and sell it on the dark web
Expected behavior
We shouldn't be touching any secrets we don't need
Versions (please complete the following information):
Additional context
Introduced in #1087
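An audit of the cache directory described in this report, as an added example that is not part of the original issue or of Ambassador's code: it walks a sync snapshot laid out like the listing above and flags every cached secret that is not on an operator-supplied allowlist, along with world-readable file modes. The function names, the allowlist, and the assumption that each cached file is a Secret manifest with a top-level `type:` field are hypothetical.

```python
import os
import re
import stat
import tempfile

TYPE_RE = re.compile(r"^type:\s*(\S+)", re.MULTILINE)

def audit_sync_dir(sync_dir, needed):
    """Return one finding per cached secret under <sync_dir>/<namespace>/secrets/.

    needed: set of (namespace, secret_name) pairs the proxy is expected to use.
    """
    findings = []
    for ns in sorted(os.listdir(sync_dir)):
        secrets_dir = os.path.join(sync_dir, ns, "secrets")
        if not os.path.isdir(secrets_dir):
            continue
        for fname in sorted(os.listdir(secrets_dir)):
            path = os.path.join(secrets_dir, fname)
            name = fname[:-5] if fname.endswith(".yaml") else fname
            with open(path, encoding="utf-8", errors="replace") as fh:
                m = TYPE_RE.search(fh.read())
            mode = stat.S_IMODE(os.stat(path).st_mode)
            findings.append({
                "namespace": ns, "name": name,
                "type": m.group(1) if m else "unknown",
                "unexpected": (ns, name) not in needed,
                "world_readable": bool(mode & stat.S_IROTH),
            })
    return findings

def build_sample_tree(root):
    """Constructed sample mirroring the listing in the report (dummy contents)."""
    sdir = os.path.join(root, "top-secret", "secrets")
    os.makedirs(sdir)
    samples = {"top-secret.yaml": "Opaque",
               "top-secret-regcred.yaml": "kubernetes.io/dockerconfigjson",
               "default-token-n64vb.yaml": "kubernetes.io/service-account-token"}
    for fname, stype in samples.items():
        path = os.path.join(sdir, fname)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(f"kind: Secret\ntype: {stype}\ndata: {{}}\n")
        os.chmod(path, 0o644)  # same -rw-r--r-- mode as in the listing
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        needed = {("top-secret", "top-secret")}  # hypothetical allowlist
        for f in audit_sync_dir(build_sample_tree(tmp), needed):
            print(f)
```

Any finding with `unexpected` set is a secret the proxy cached without needing it, which is the condition this issue asks to eliminate.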