Summary
Currently we rely on the MAC DB to get the BMC secret for a given BMC device. Those are taken from the `defaultCredentials` part of the MAC DB.
An example of the MAC DB looks like this:
In the current implementation of the `BMCReconciler` those initial credentials are stored in a `BMCSecret` object (which is similar to a Kubernetes `Secret` object).
In order to secure the landscape from being compromised, those initial credentials must be rotated once used for the initial BMC setup. Ideally we extend the operator to allow the admin to define the secret handling policy: e.g. "Do nothing and stick to the default credentials", "Create a new user with its own credential pair and disable the default credentials", etc.
This operation is dangerous because in case of loss of those rotated credentials you might end up in a situation where you lock yourself out of a BMC.
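
An added Go example, not code from the operator: one ordering for the "create a new user and disable the default credentials" policy that avoids the lock-out described in the issue above. The `BMC` interface, the `save` hook, `Rotate`, `fakeBMC` and the account names are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// BMC is a hypothetical minimal account API (a real operator might back it with Redfish).
type BMC interface {
	CreateUser(user, pass string) error
	Login(user, pass string) error
	DisableUser(user string) error
}

// Rotate stores the new pair first (save is a hypothetical hook, e.g. updating the BMCSecret),
// then creates and verifies the account, and only then disables the default account.
func Rotate(b BMC, save func(user, pass string) error, defUser, newUser string) error {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	pass := fmt.Sprintf("%x", buf)
	if err := save(newUser, pass); err != nil {
		return fmt.Errorf("store new credentials: %w", err)
	}
	if err := b.CreateUser(newUser, pass); err != nil {
		return fmt.Errorf("create user: %w", err)
	}
	if err := b.Login(newUser, pass); err != nil {
		return fmt.Errorf("new login not verified, default kept: %w", err)
	}
	return b.DisableUser(defUser)
}

// fakeBMC is a constructed in-memory BMC; loginFail simulates a rejected new login.
type fakeBMC struct{ users map[string]string; loginFail bool }
func (f *fakeBMC) CreateUser(u, p string) error { f.users[u] = p; return nil }
func (f *fakeBMC) DisableUser(u string) error   { delete(f.users, u); return nil }
func (f *fakeBMC) Login(u, p string) error {
	if pw, ok := f.users[u]; ok && pw == p && !f.loginFail {
		return nil
	}
	return fmt.Errorf("login rejected for %s", u)
}

func main() {
	b := &fakeBMC{users: map[string]string{"root": "constructed-default"}}
	fmt.Println(Rotate(b, func(u, p string) error { return nil }, "root", "operator"), len(b.users))
}
```

If any step before `DisableUser` fails, the default account is still enabled and the new pair is already on record, so the rotation can be retried.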