Work around upstream issue #790 by explicitly referencing the
ca-certificates.crt file.

Add support for storing secrets in files outside the nix store, since
files in the nix store are world-readable and secrets therefore can't
be stored safely there.

The old string options are kept, since they can potentially be handy
for testing purposes, but their descriptions now state that they
shouldn't be used in production. The manual section is updated to use
the file options rather than the string options and the tests now test
both.

Use the postgresql module to provision a local db (if
databaseCreateLocally is true) instead of doing this locally.

Switch to using the local unix socket for db connections by default;
this is needed since dbs created by the postgresql module only support
peer authentication.

Instead of running the rake tasks db:schema:load, db:migrate and
db:seed_fu, run gitlab:db:configure, which in turn runs these tasks
when needed.

Solves issue #53852 for gitlab.

Introduce new functions which allows modules to define options where,
if the input is an attrset and the output is JSON, the user can define
arbitrary secrets.

Adds the ability to make any parameter specified in extraConfig secret
by defining it an attrset containing the attr _secret, which in turn
is a path to a file containing the actual secret.

This update was generated by hackage2nix v2.14.4-7-ga804c35 from Hackage revision
commercialhaskell/all-cabal-hashes@4cf3608.

Needs a patch before it'll run, but it didn't run before and might as
well be updated before it's patched.

Since MHonArc is a program, not a library, it makes sense to expose it
on the top level, in lowercase, like other programs.

starship: 0.13.1 -> 0.15.0

nixos/gitlab: Add support for secure secrets and more

kdevelop, kdev-php, kdev-python: 5.4.1 -> 5.4.2