feat: CLOUDP-380111 Add project-service-account-secret resource

[rakhul-mongo]

Proposed changes

Added new resource Project Service Account Secret:

• Creates and manages secrets for MongoDB Atlas Service Accounts at the project level
• Supports secret expiration configuration
• Uses Atlas Go SDK v20250312013

Required Properties:

• ProjectId: Unique 24-hexadecimal digit string that identifies the project
• ClientId: The Client ID of the Project Service Account

Optional Properties:

• SecretExpiresAfterHours: Expiration time of the new Service Account secret in hours
• Profile: AWS Secrets Manager profile for Atlas API credentials (default: "default")

Read-Only Properties:

• SecretId: Unique 24-hexadecimal identifier of the secret
• Secret: The actual secret value (only returned on creation)
• MaskedSecretValue: The masked version of the secret
• CreatedAt: ISO 8601 timestamp when the secret was created
• ExpiresAt: ISO 8601 timestamp when the secret expires
• LastUsedAt: ISO 8601 timestamp when the secret was last used

Create-Only Properties:

• All properties (resource does not support updates - any change triggers replacement)

Update Support:

• Not supported - resource replacement required for any change

CFN testing:

AWS Stack:

Create:

Delete:

Jira ticket: CLOUDP-380111

Type of change:

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update
• If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Manual QA performed:

• cfn invoke for each of CRUDL/cfn test
• Updated resource in example
• Published to AWS private registry
• Used the template in example to create and update a stack in AWS
• Deleted stack to ensure resources are deleted
• Created multiple resources in same stack
• Validated in Atlas UI
• Included screenshots

Required Checklist:

• I have signed the MongoDB CLA
• I have added tests that prove my fix is effective or that my feature works (100% coverage on mappings.go)
• I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
• I have added any necessary documentation (if appropriate)
• I have run make fmt and formatted my code
• For CFN Resources: I have released my changes in the private registry and proved my change works in Atlas