Propagate sensitive Porter parameters into template registration schema #4910

Draft
Copilot wants to merge 4 commits into main from copilot/update-sensitive-parameters-handling

Contributor

Copilot AI commented May 21, 2026

What is being addressed

Template sensitivity metadata was duplicated across porter.yaml and template_schema.json, creating drift and requiring manual double-entry. This change makes sensitivity authoritative in Porter metadata and propagates it into the API registration payload automatically.

How is this addressed

  • Registration payload synthesis

    • Updated devops/scripts/register_bundle_with_api.sh to merge Porter sensitivity metadata into json_schema at registration time.
    • Sensitive parameter names are derived from porter explain output and applied to matching schema properties (including nested properties blocks).
  • Template metadata migration

    • Removed sensitive: true from affected template_schema.json files.
    • Added/retained sensitive: true on the corresponding parameters in porter.yaml:
      • client_secret (workspace templates)
      • airlock_request_sas_url (guacamole review VM user resources)
      • smtpPassword remains in Porter for airlock_notifier
  • Porter/Plugin compatibility confirmation

    • Current pinned versions (PORTER_VERSION=v1.4.0, PORTER_AZURE_PLUGIN_VERSION=v1.2.4) already include the upstream secret-name cleanup behavior needed for snake_case sensitive params; no version bump required for this issue.
```bash
payload=$(echo "${explain_json}" | jq --slurpfile json_schema template_schema.json '
  . as $explain
  | ($explain.parameters // [] | map(select(.sensitive == true) | .name) | unique) as $sensitive_parameter_names
  | ($json_schema[0] | walk(
      if type == "object" and has("properties") and (.properties | type) == "object"
      then .properties |= with_entries(
        .key as $parameter_name
        | if ($sensitive_parameter_names | index($parameter_name)) != null
          then .value |= (. + {"sensitive": true})
          else .
          end
      )
      else .
      end
    )) as $schema
  | $explain + {"json_schema": $schema}
')
```
  • Documentation: no direct doc changes required.
  • CHANGELOG.md: not updated in this PR.
  • Template version increments: not required for this migration.
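
An added example, not code from this PR or the project: a Python mirror of the jq merge in the description above that also reports the two cases the merge passes over silently, namely a parameter Porter marks sensitive that has no matching schema property, and a schema property still flagged by hand. The sample inputs are constructed and the function names are hypothetical.

```python
# Added example: constructed inputs, hypothetical function names.
# Trimmed stand-in for `porter explain` JSON output: only the fields the merge reads.
EXPLAIN = {"name": "example-bundle", "parameters": [
    {"name": "client_id", "sensitive": False},
    {"name": "client_secret", "sensitive": True},
    {"name": "smtpPassword", "sensitive": True},
]}
# Stand-in for template_schema.json with a nested `properties` block.
SCHEMA = {"type": "object", "properties": {
    "client_id": {"type": "string"},
    "auth": {"type": "object", "properties": {"client_secret": {"type": "string"}}},
    "legacy_key": {"type": "string", "sensitive": True},  # leftover manual flag
}}

def sensitive_names(explain):
    """Names Porter marks sensitive (the jq: map(select(.sensitive == true) | .name))."""
    return {p["name"] for p in explain.get("parameters") or [] if p.get("sensitive") is True}

def merge(node, names):
    """Mirror of the jq walk: flag matching keys in every `properties` object."""
    if isinstance(node, list):
        return [merge(v, names) for v in node]
    if not isinstance(node, dict):
        return node
    out = {k: merge(v, names) for k, v in node.items()}
    if isinstance(out.get("properties"), dict):
        out["properties"] = {
            k: {**v, "sensitive": True} if k in names and isinstance(v, dict) else v
            for k, v in out["properties"].items()}
    return out

def flagged(node):
    """Every property name carrying sensitive: true, at any depth."""
    found = set()
    if isinstance(node, dict):
        props = node.get("properties")
        if isinstance(props, dict):
            found |= {k for k, v in props.items()
                      if isinstance(v, dict) and v.get("sensitive") is True}
        for v in node.values():
            found |= flagged(v)
    elif isinstance(node, list):
        for v in node:
            found |= flagged(v)
    return found

def audit(explain, schema):
    names = sensitive_names(explain)
    merged = merge(schema, names)
    return {"merged": merged,
            "unmatched": sorted(names - flagged(merged)),    # sensitive in Porter, absent from schema
            "schema_only": sorted(flagged(schema) - names)}  # flagged only by hand in the schema
```

Run against a template's real explain output and schema, a non-empty `unmatched` or `schema_only` list shows where the two files have drifted apart.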

Copilot AI linked an issue May 21, 2026 that may be closed by this pull request
@github-actions github-actions Bot added the external PR from an external contributor label May 21, 2026
Copilot AI changed the title from "[WIP] Update handling of sensitive parameters in porter.yaml" to "Propagate sensitive Porter parameters into template registration schema" May 21, 2026
Copilot AI requested a review from rudolphjacksonm May 21, 2026 19:25
@rudolphjacksonm
Collaborator

@copilot add enhancement note to changelog.md

Contributor Author

Copilot AI commented May 21, 2026

@copilot add enhancement note to changelog.md

Added in CHANGELOG.md under (Unreleased) → ENHANCEMENTS in commit b1da83a.

Labels

external PR from an external contributor

Development

Successfully merging this pull request may close these issues.

Use Porter's explain output to note sensitive parameters
