chore: leverage vault secrets in helm release

.github/workflows/test-vault.yml

@@ -0,0 +1,38 @@
+name: Secure Test Vault Secrets Retrieval
+
+on:
+  pull_request:
+
+# These permissions are needed to assume roles from Github's OIDC.
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  test-get-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - id: get-secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          repo_secrets: |
+            APP_ID=secret/ci/repo/grafana/helm-charts/github-app:app-id
+            APP_PRIVATE_KEY=secret/ci/repo/grafana/helm-charts/github-app:private-key
+
+      - name: Check Secrets (Safely)
+        run: |
+          if [ -n "$APP_ID" ]; then
+            echo "app id is set and not empty"
+          else
+            echo "app id is not set or is empty"
+            exit 1
+          fi
+          if [ -n "$APP_PRIVATE_KEY" ]; then
+            echo "private key is set and not empty"
+          else
+            echo "private key is not set or is empty"
+            exit 1
+          fi
+          echo "Secrets retrieved successfully"