Refactor handling of secret model fields

[thekaveman]

Implementation plan from #1764

Implementation plan

• Implement a simple helper script in the spirit of this one in data-infra; use Azure's python libraries to read a value from a Key Vault by secret name. Ensure the Key Vault / environment (e.g. dev, test, prod) is not hardcoded; create a setting from an environment variable or similar. Feat: helper script to read KeyVault secrets #1859
• Create a custom Django field type that inherits from models.TextField. The default field implementation stores the name of the secret. Refactor: model secret fields #1874
• Using the field mapping spreadsheet, update all secret fields to have this new field type. Update the field names to include a _secret_name postfix Refactor: model secret fields #1874
• Add new properties to each model that use the helper script above and the _secret_name field value to get the actual value of the secret. These properties should be named the same as the original (pre-refactor) secret field (e.g. without the _secret_name postfix) Refactor: model secret fields #1874