Don't git ignore .kamal/secrets

Secrets should be interpolated at runtime so we do want the file in git.

But add a warning at the top to avoid adding secrets or git ignore the
file if you do.

Also provide examples of the three options for interpolating secrets.

test/cli/main_test.rb

@@ -388,12 +388,10 @@ class CliMainTest < CliTestCase
       run_command("init").tap do |output|
         assert_match "Created configuration file in config/deploy.yml", output
         assert_match "Created .kamal/secrets file", output
-        assert_match "Added .kamal/secrets* to .gitignore", output
       end
 
       assert_file "config/deploy.yml", "service: my-app"
-      assert_file ".kamal/secrets", "KAMAL_REGISTRY_PASSWORD=change-this"
-      assert_file ".gitignore", %r{\n.kamal/secrets\*\n}
+      assert_file ".kamal/secrets", "KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD"
     end
   end
 
@@ -528,7 +526,6 @@ class CliMainTest < CliTestCase
       Dir.mktmpdir do |tmpdir|
         Dir.chdir(tmpdir) do
           `git init`
-          `echo '/.bundle\n/log/*\n/tmp/*' > .gitignore`
           yield
         end
       end

test/integration/docker/deployer/Dockerfile

@@ -26,8 +26,8 @@ RUN mkdir -p /etc/docker/certs.d/registry:4443 && ln -s /shared/certs/domain.crt
 
 RUN git config --global user.email "deployer@example.com"
 RUN git config --global user.name "Deployer"
-RUN cd app && git init && echo ".env" >> .gitignore && git add . && git commit -am "Initial version"
-RUN cd app_with_roles && git init && echo ".env" >> .gitignore && git add . && git commit -am "Initial version"
+RUN cd app && git init && git add . && git commit -am "Initial version"
+RUN cd app_with_roles && git init && git add . && git commit -am "Initial version"
 
 HEALTHCHECK --interval=1s CMD pgrep sleep