DEVPROD-8409: support host auth using env vars #8680

Open. Wants to merge 9 commits into base: main

Kimchelly
Contributor

@Kimchelly Kimchelly commented Jan 30, 2025

DEVPROD-8409

Description

The localhost:2285/status agent endpoint that's available to tasks currently leaks the host secret in plaintext because the evergreen agent process includes the command-line args passed to the agent such as host ID/secret (e.g. evergreen agent --host-id <HOST_ID> --host-secret <HOST_SECRET>). The /status endpoint's response returns all commands and their arguments, so the task receives the plaintext host secret.

To prevent the /status endpoint from returning the host secret in plaintext, I changed the way the agent receives its host ID/secret so that they can be set as environment variables for the process instead of command-line arguments. I can't actually remove the command-line arguments until this is deployed to prod + I do some post-deploy work to update static hosts (see below).

Post-Deploy Steps

As I mentioned under testing, staging has drifted pretty far from prod for distros, so it's not possible to test some provisioning scenarios that will appear in prod. Instead, I'm going to monitor the deploy and manually test SSH provisioning and Docker container pool provisioning once the deploy goes out.

In addition, static hosts will not roll over to the new version automatically (in case you're wondering - no, this is not easily fixable). To roll them over to use env vars for auth, I'm going to reprovision all non-quarantined static hosts manually.

Testing

  • Smoke test passes when using env vars for auth.
  • Tested in a staging patch that using env vars for host auth prevented the host ID/secret from appearing in the response from the /status endpoint.
  • Tested user data and legacy SSH provisioning to verify they could start the agent with the host ID/secret set through env vars.
    • I didn't test Docker containers and SSH provisioning because they don't work in staging anymore. Instead, I'm going to verify they work post-deploy (see above).

@Kimchelly Kimchelly requested a review from a team January 30, 2025 22:18
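
The approach described in this pull request, as an added example that is not code from the PR or from Evergreen: credentials are read from environment variables first, with the `--host-id`/`--host-secret` flags kept as a fallback, and a check confirms the secret is absent from the argument list a status endpoint would report. The env var names, `resolveHostAuth` and `argvLeaks` are hypothetical, and the sample values are constructed.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"strings"
)

// Hypothetical env var names; the page does not give the names the agent uses.
const (
	envHostID     = "EXAMPLE_HOST_ID"
	envHostSecret = "EXAMPLE_HOST_SECRET"
)

type hostAuth struct{ ID, Secret, Source string }

// resolveHostAuth prefers env vars and falls back to the --host-id/--host-secret
// flags, which must keep working until already-provisioned hosts are rolled over.
func resolveHostAuth(args []string, getenv func(string) string) (hostAuth, error) {
	fs := flag.NewFlagSet("agent", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	id := fs.String("host-id", "", "host ID (legacy)")
	secret := fs.String("host-secret", "", "host secret (legacy)")
	if err := fs.Parse(args); err != nil {
		return hostAuth{}, err
	}
	src := "args"
	if eid, esec := getenv(envHostID), getenv(envHostSecret); eid != "" && esec != "" {
		*id, *secret, src = eid, esec, "env"
	}
	if *id == "" || *secret == "" {
		return hostAuth{}, fmt.Errorf("host ID and secret are required")
	}
	return hostAuth{ID: *id, Secret: *secret, Source: src}, nil
}

// argvLeaks reports whether a process's argument list, as an endpoint that
// returns commands with their arguments would show it, contains the secret.
func argvLeaks(argv []string, secret string) bool {
	return secret != "" && strings.Contains(strings.Join(argv, " "), secret)
}

func main() {
	env := map[string]string{envHostID: "host-1", envHostSecret: "constructed-secret"}
	argv := []string{"evergreen", "agent"} // env-var launch: no secret in argv
	auth, err := resolveHostAuth(argv[2:], func(k string) string { return env[k] })
	fmt.Println(auth.Source, err, argvLeaks(argv, auth.Secret))
}
```

A check like `argvLeaks` can serve as a regression test against the process listing once the legacy flags are removed.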