This patch introduces a new provider for sops, this allows to use
sops-encrypted data to be used e.g. to input tokens and credentails as
well as other values into the setup. This should help to depend less on
koolbox environment variables.

As I still maintain the demo instance, it's useful to integrate the demo
instance into the current terraform configuration, this allows it to
benefit from further developement of this repository.

The current README and variable descriptions should help anyone
interested in creating their own demo instance equivalent, to deploy
this to their hetzer cloud account. Even if not, it might provide some
nice inspiration regarding the instance handling.

Add externalName to encrypt internal DNS names. They might not be secret
but also of no value for people to read.

It turns out, the `hosts` value in the matrix-synapse helm chart is only
for additional hosts. One is supposed to use `csHosts` and `s2sHosts` as
variables to properly utilse settings like `includeUnderscoreSynapse`.

The keys in the `.sops.yaml` file have to be comma separated

This patch should help to hide semi-sensitive information. While an
email address or DNS name is not secret, it also doesn't need to be
exposed to everyone as easy as possible. E.g. being easy to scrape.
Therefore this patch masks these values in the config. No security gain
here, just annoying potential spammers and attackers.

Using the `.yamld` suffix won't work because sops considers it a
plaintext file instead of a yaml file with meaningful content.

This patch adds the new way to handle secrets by using `.yamld` for
decrypted files. This should help to prevent ever commiting secrets
unencrypted.

This patch adds secrets handling using SOPS to the repository.