fix(sanctuary): update docs to make policy for Google Secrets clear
It was decided during sanctuary development to not "auto-create" secrets since the creation of secrets, and associated IAM permissions, is better done in tools like terraform. Sanctuary is intended to manage secret versions but not the secrets themselves.
Update the docs to make this clear and add terraform examples for the "intended approach".