Allow creating a tenant without file-based configuration #2387

Open
trondhindenes opened this issue Jan 29, 2025 · 0 comments

trondhindenes commented Jan 29, 2025

A minio tenant seems to require a configuration block, which should point to a secret containing a base64-encoded representation of several environment variables. This makes it very cumbersome to change the config (or generate it in the first place), as one needs to perform a base64-encoding of a multi-line string. It would be much better if the tenant allowed referencing a secret with individual keys to represent environment variables. This could be piped directly into minio container's envFrom attribute (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envfromsource-v1-core).

For us, this would let us keep Minio console passwords in an external secrets mgmt system, and sync that with a Kubernetes secret, which would then be used by minio.

I've tried supplying a tenant config like this:

spec:
  configuration:
    name: storage-configuration-grid-minio-dev
  env:
  - name: MINIO_ROOT_USER
    valueFrom:
      secretKeyRef:
        name: minio-test-user-secret
        key: MINIO_ROOT_USER
  - name: MINIO_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: minio-test-user-secret
        key: MINIO_ROOT_PASSWORD
  - name: MINIO_STORAGE_CLASS_STANDARD
    valueFrom:
      secretKeyRef:
        name: minio-test-user-secret
        key: MINIO_STORAGE_CLASS_STANDARD
  - name: MINIO_BROWSER
    valueFrom:
      secretKeyRef:
        name: minio-test-user-secret
        key: MINIO_BROWSER

and have the configuration secret's decoded value be:

export MINIO_STORAGE_CLASS_STANDARD="EC:2"
export MINIO_BROWSER="on"

but it does not work - the operator is intent on reading the root user/password from the configuration secret's config.env value and nowhere else:

❯ kubectl get tenant
NAME             STATE                      HEALTH   AGE
grid-minio-dev   empty tenant credentials            6s

We're having real problems storing credentials in a secure manner because of this.

We're running the helm chart operator-7.0.0.
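
Added example, not code from the issue or from the MinIO operator project: one way to bridge the two formats is to render individual key/value pairs (such as those synced from an external secrets manager) into the `export` lines and the base64-encoded `config.env` key described above. The function names, the sample values and the choice to reject rather than escape special characters are assumptions.

```python
import base64
import json
import re

# Environment variable names: letters, digits, underscore, not starting with a digit.
_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Characters that would need escaping inside export KEY="value". They are rejected
# rather than escaped (assumption: the page does not say how the operator parses them).
_UNSAFE = set('"\\$`\n\r')


def render_config_env(pairs):
    """Render {name: value} as the export lines shown in the issue."""
    lines = []
    for name, value in sorted(pairs.items()):
        if not _NAME_RE.match(name):
            raise ValueError(f"invalid variable name: {name!r}")
        if _UNSAFE & set(value):
            raise ValueError(f"value for {name} contains a character that needs escaping")
        lines.append(f'export {name}="{value}"')
    return "\n".join(lines) + "\n"


def build_secret(secret_name, pairs, namespace="default"):
    """Return a Secret manifest whose config.env key holds the rendered file."""
    encoded = base64.b64encode(render_config_env(pairs).encode("utf-8")).decode("ascii")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": secret_name, "namespace": namespace},
        "type": "Opaque",
        "data": {"config.env": encoded},
    }


# Constructed sample values, standing in for keys synced from an external store.
SAMPLE = {
    "MINIO_ROOT_USER": "example-user",
    "MINIO_ROOT_PASSWORD": "example-password-not-real",
    "MINIO_STORAGE_CLASS_STANDARD": "EC:2",
    "MINIO_BROWSER": "on",
}

if __name__ == "__main__":
    # kubectl accepts JSON manifests, so no YAML library is needed.
    print(json.dumps(build_secret("storage-configuration-grid-minio-dev", SAMPLE), indent=2))
```

The printed manifest contains the credentials in reversible base64, so it should be piped straight to `kubectl apply -f -` rather than written to disk or committed.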
