Support non-encrypted variables in ROFL manifest yaml

[matevz]

Currently, there are two ways to configure your ROFL:

1. define secrets in rofl.yaml which are fed to your docker image
2. define publicly visible variables in compose.yaml, Dockerfile, or the image itself

Step 2. will produce a different enclave ID for different configuration every build which is annoying since it's still the same (audited) app. Add support for defining publicly exposed variables to rofl.yaml. They should work exactly the same as secrets, just that they are unencrypted.

Rough TODO:

1. cli: Similar to secrets add another environment section to rofl.yaml deployment.
2. cli: Similar to oasis rofl secret add oasis rofl environment cmd (alias env)
3. cli: Make sure there are no name collisions with secrets.
4. explorer: Add support to Explorer

[kostko]

We could simply make it so that any metadata prefixed with env. are set as environment variables (e.g. env.MY_VAR) with rofl-containers doing the interpretation.

[matevz]

We could simply make it so that any metadata prefixed with env. are set as environment variables (e.g. env.MY_VAR) with rofl-containers doing the interpretation.

Metadata are not deployment-specific. Usually you'd want different settings for Testnet vs Mainnet.

[kostko]

Of course it is deployment-specific, what do you mean?

[matevz]

Of course it is deployment-specific, what do you mean?

I thought you were considering adding it to the app-level metadata https://github.com/oasisprotocol/cli/blob/b6894a1bb6ea7918a9b2ba3efe30b1911388e2f6/build/rofl/manifest.go#L50-L63. I agree, the deployment metadata should work do fine.