try to prevent secrets being added in plain text

- we could use a tool like https://github.com/zricethezav/gitleaks as part of pre-commit and when actually adding vars using `envars add`
- trying to add a var with names like PASSWORD|TOKEN|KEY should at least warn the user if not outright error