This patch introduces a new provider for sops, this allows to use
sops-encrypted data to be used e.g. to input tokens and credentails as
well as other values into the setup. This should help to depend less on
koolbox environment variables.

This patch drops the unused subnet variable from the hcloud_instance
module, which wasn't used anyway. This help to make the module fully
compatible with the way the hedgedoc demo instance is deployed.

This patch finally upstreams the currently used terraform setup for the
gateway machine at Hetzner. This should provide better insights into the
infrastructure and help people to learn from the setup.

It also helps to keep the automation level high and using terraform more
actively to keep these servers running.

The gateway server is the frontend reverse proxy for all web-originating
traffic and provides a simple setup, that runs a L4 HAProxy to forward
all traffic to the Kubernetes cluster, where it's terminated and handled.

This allows to keep the cloud server stupid and not being able to
compromise a connection (at least not more than any other middlebox).
This keeps the trust away from the cloud provider.