Initial action to synchronize signing secrets to confidential repo (#30561)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Added a new workflow to simulate syncing selected secrets to another
repository in dry-run mode. No actual changes will occur during
execution.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

.github/workflows/secrets-to-confidential.yml

@@ -0,0 +1,24 @@
+name: Secret sync to confidential
+on:
+  workflow_dispatch:
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
+  cancel-in-progress: true
+
+jobs:
+  sync_secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: jpoehnelt/secrets-sync-action@7840777f242539d96b60477b66aa1c179e7644ea # v1.10.0
+        name: Sync secrets to confidential
+        with:
+          SECRETS: |
+            ^DIGICERT_.*
+            ^APPLE_.*
+          REPOSITORIES: |
+            fleetdm/confidential
+          DRY_RUN: true
+          GITHUB_TOKEN: ${{ secrets.SECRETS_GITHUB_PAT }}
+          CONCURRENCY: 10