Allow Hashicorp Vault secret data to be preprocessed before upserting k8s secret.

[eshepelyuk]

Hello,

I'd like to propose an idea about making this operator more flexible.
Currently encrypted values are injected into Secret as is and only could be injected as a single field to a particular secret.
It could be good to allow somehow to preprocess data after retrieving from Hashicorp Vault but before upserting the data to secret.
Very similar how consul-template works.

I could see it by extending ExternalSecret to receive a template file and a list of secret that should be retrieved from Vault.
Then external-secrets could retrieve secrets completely and pass all them to the template for evaluation. And then resulting string will be upserted into k8s Secret as a named property configured in ExternalSecret too.

Use cases:

• several services need to access multiple Vault secret at once and then gather the data into a file that will be available in k8s Secret
• need to transform the data, since Vault could store compicated JSON documents but the k8s Service may need file in YAML, TOML etc

What do you think ?

[Flydiverny]

Some slack discussion here for reference https://kubernetes.slack.com/archives/C017BF84G2Y/p1612255297017600

[eshepelyuk]

Issue #625 is created.