@Mongey
Contributor

@Mongey Mongey commented Dec 11, 2025

Description

Add a nomadSecret template function that allows templates to fetch secrets from pre-configured secret blocks and iterate over all key/value pairs returned by external secret plugins.

This enables use cases where users want to inject all values from a secret backend into the environment without knowing the exact keys in advance. The function:

  • Takes a secret block name as its single argument
  • Looks up the provider, path, and environment variables from the task's secret configuration
  • Returns a map that can be iterated over using range or accessed with index

Testing & Reproduction steps

  1. Configure a secrets plugin in the Nomad client's common plugins directory under secrets/
  2. Define a secret block in a job specification:
    secret "app_secrets" {
      provider = "my-plugin"
      path     = "/prod/myapp"
    }
  3. Reference the secret block in a template:
    template {
      data = <<EOF
    {{ range $k, $v := nomadSecret "app_secrets" }}
    {{ $k }}={{ $v }}
    {{ end }}
    EOF
      destination = "local/secrets.env"
      env         = true
    }
  4. Run the job and verify secrets are rendered into the template

Links

Closes #27214

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad product documentation, which is stored in the
    web-unified-docs repo. Refer to the web-unified-docs contributor guide for docs guidelines.
    Please also consider whether the change requires notes within the upgrade guide.
    If you would like help with the docs, tag the nomad-docs team in this PR.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.
  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

@Mongey Mongey requested review from a team as code owners December 11, 2025 12:44
Add a secret template function that allows templates to fetch secrets
from pre-configured secret blocks. This enables iteration over secrets
returned by external secret plugins.

The function takes a secret block name as its single argument and looks
up the provider, path, and environment variables from the task's secret
configuration. It automatically passes NOMAD_NAMESPACE and NOMAD_JOB_ID
to the plugin along with any env vars defined in the secret block.
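
The lookup described in this pull request, as an added Go example that is not code from the PR or from Nomad: a template function takes a secret block name, resolves the provider, path and env from the task's declared blocks, and returns a map for `range` or `index`. The names `secretBlock`, `fetchFunc`, `nomadSecretFunc`, `render`, the sample data, and the order in which block env vars and the Nomad-supplied variables are merged are all assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// secretBlock holds the fields the description says are read from a secret block.
type secretBlock struct {
	Provider, Path string
	Env            map[string]string
}

// fetchFunc is a hypothetical stand-in for the call to an external secrets plugin.
type fetchFunc func(provider, path string, env map[string]string) (map[string]string, error)

// nomadSecretFunc builds the template function: block name in, key/value map out.
func nomadSecretFunc(blocks map[string]secretBlock, ns, jobID string, fetch fetchFunc) func(string) (map[string]string, error) {
	return func(name string) (map[string]string, error) {
		b, ok := blocks[name]
		if !ok { // a template can only name blocks the task declares
			return nil, fmt.Errorf("secret block %q is not defined", name)
		}
		env := map[string]string{}
		for k, v := range b.Env {
			env[k] = v
		}
		env["NOMAD_NAMESPACE"], env["NOMAD_JOB_ID"] = ns, jobID // set last (assumed order)
		return fetch(b.Provider, b.Path, env)
	}
}

// render executes tmpl with nomadSecret registered; a lookup error aborts rendering.
func render(tmpl string, fn func(string) (map[string]string, error)) (string, error) {
	t, err := template.New("env").Funcs(template.FuncMap{"nomadSecret": fn}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

// Constructed sample data: one block, a fake plugin reply, the PR's template on one line.
var demoBlocks = map[string]secretBlock{"app_secrets": {Provider: "my-plugin", Path: "/prod/myapp"}}
const envTemplate = "{{ range $k, $v := nomadSecret \"app_secrets\" }}{{ $k }}={{ $v }}\n{{ end }}"
func demoFetch(provider, path string, env map[string]string) (map[string]string, error) { return map[string]string{"DB_USER": "app", "DB_PASS": "constructed-value"}, nil }

func main() { fmt.Println(render(envTemplate, nomadSecretFunc(demoBlocks, "default", "example-job", demoFetch))) }
```

Because `range` over a map visits keys in sorted order, the rendered file is deterministic, and every key the plugin returns ends up in the task environment when `env = true`.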

Labels

theme/docs Documentation issues and enhancements

Development

Successfully merging this pull request may close these issues.

Support accessing all returned key/value pairs from secret provider plugins