Fix 1password-credentials secret injection #193

Closed

@demon demon commented May 1, 2024

Using the credentials as OP_SESSION is confusing, as it requires you to base64 encode the 1password-credentials.json file first. That's on top of having to base64 encode the secret in k8s. This twice base64-encoding is undocumented and unintuitive.

Since connect supports reading the credentials from disk, and we already create the volume from the secret anyway, just follow thru and mount the credentials at the expected location. I imagine this was the intent at some point.

As a sidebar: it was extra weird to find that OP_SESSION has a second use: it can also be used to override the location of 1password-credentials.json. I would advise separating these into two separate environment variables but that's out of scope for this change.

Finally, since we're mounting the file and not trying to double-base64 the data, swap stringData for data in the secret.

Obsoletes pull request #113, fixes issue #163 and issue #94, makes some progress on issue #167.

github-actions bot commented May 1, 2024

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch (`git push --force-with-lease`).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing

Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing

Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

Using the credentials as `OP_SESSION` is confusing, as it requires you
to base64 encode the 1password-credentials.json file first. That's on
top of having to base64 encode the secret in k8s. This twice base64-
encoding is undocumented and unintuitive.

Since connect supports reading the credentials from disk, and we already
create the volume from the secret anyway, just follow thru and mount the
credentials at the expected location. I imagine this was the intent at
some point.

As a sidebar: it was extra weird to find that `OP_SESSION` has a second
use: it can also be used to override the location of
`1password-credentials.json`. I would advise separating these into two
separate environment variables but that's out of scope for this change.

Finally, since we're mounting the file and not _trying_ to double-base64
the data, swap `stringData` for `data` in the secret.

Obsoletes pull request #113, fixes issue #163 and issue #94, makes some
progress on issue #167.

Signed-off-by: Chad Horohoe <[email protected]>
@demon demon closed this May 1, 2024
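
The encoding layers described in the PR description and commit message above, as an added example (not code from this pull request or the chart): it shows what a container receives from a Secret's `data` field under the file-mount and environment-variable approaches, and checks how many base64 layers a value carries. The sample JSON and all function names are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed stand-in for 1password-credentials.json; the real file's
# fields are not shown on this page.
SAMPLE_CREDENTIALS = json.dumps({"note": "constructed sample"}).encode()


def b64(data: bytes) -> bytes:
    return base64.b64encode(data)


def secret_data_for_file_mount(raw_json: bytes) -> bytes:
    """Secret `data` value when the file is mounted from a volume.
    Kubernetes decodes `data` once, so the mounted file is the raw JSON.
    (`stringData` values, by contrast, are stored exactly as written.)"""
    return b64(raw_json)


def secret_data_for_env_var(raw_json: bytes) -> bytes:
    """Secret `data` value when the consumer expects base64(JSON) in an
    environment variable, as the PR describes for OP_SESSION: one layer
    for the consumer plus one layer for Kubernetes."""
    return b64(b64(raw_json))


def kubernetes_delivers(data_value: bytes) -> bytes:
    """What the container sees (env var or mounted file): `data` decoded once."""
    return base64.b64decode(data_value, validate=True)


def encoding_depth(value: bytes, max_layers: int = 3) -> int:
    """Count base64 layers wrapped around a JSON object; -1 if none is found."""
    for depth in range(max_layers + 1):
        try:
            if isinstance(json.loads(value), dict):
                return depth
        except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
            pass
        try:
            value = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return -1
    return -1
```

Running `encoding_depth` on the value taken from a rendered Secret manifest tells you which of the two approaches that manifest was built for: 1 layer fits the file mount, 2 layers fit the environment-variable approach.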