Allow overriding .gitignore for job copies of files that contain secrets

[ricklamers]

Describe the problem this improvement solves
When working with files to store credentials you typically include the paths to these folders/files in .gitignore files.

When a job is created a snapshot of the project files is created too that excludes everything in the .gitignore. This is usually a good thing since it can avoid copying unnecessary "cache" files like virtualenvs or node_modules/ or pycache folders. However, it would be nice if there was a simple way to tell it to override the .gitignore for certain files that you don't want to version with git but that you would like to have present in the job snapshot. E.g. a JSON credentials file.

Describe the solution you'd like
Initially I was thinking of something like a .orchestignore that can undo .gitignore using the same expressivity of a .gitignore file. E.g. using the negation operator. However, I'm not sure if that's convoluted and whether there's a cleaner approach to be found here.

[astrojuanlu]

This. Secrets stored in files are pretty common at least in Google Cloud. What I've done some times is to pipe the contents of the file to an environment variable and then have some extra machinery that loads that and writes it to disk (internal Slack) but it's pretty cumbersome.

.orchestignore, similar to .dockerignore, sounds like a good solution. I'd decouple it from .gitignore though, and just populate it with some good defaults.