VAULT-528 Fix issue with consul-template not rendering secrets with delete_version_after set on them

[VioletHynes]

Some background:

Initially, Vault secrets would only have deletion_time set on them if they'd been deleted. Since then, it has become possible to set deletion time in the future, using delete_version_after to indicate that a secret 'will' be deleted. As a result, the old logic to assume a secret is deleted if it has a deletion time has become naive.

Resolves #1789
Resolves #1778
Resolves https://discuss.hashicorp.com/t/consul-template-not-returning-vault-kv-items-with-deletion-time-set/55763

[VioletHynes]

I spotted this as part of researching the bug. I've been doing the work under VAULT-528, but I'm happy to close NET-3777 as a duplicate or something once I merge this. However you folks want to handle it and whatever best fits your process!

[kkavish]

Please do close NET-3777, this essentially fixes what has been reported.

[kkavish]

Suggested change

	// Not a string, end early
	// key not present, end early

[VioletHynes]

Since we're casting to a string, we'll only go down the !ok codepath will only be gone down if the key isn't present or the value isn't a string. I'll improve the comment to show that it could be both :)

[VioletHynes]

Updated! Please let me know if there's anything else you'd need before approving :)

[marcboudreau]

Looks good. I did leave a suggestion for 2 additional test cases for your consideration.

[marcboudreau]

I'd add two more tests that confirm:

1. that if metadata is missing, false is returned from deletedKVv2
2. that if metadata's type is something other than map[string]interface{}, false is returned from deletedKVv2

[VioletHynes]

Thank you! Added both :)