remove private material from the config

So we can keep the config in rdsys-admin.

Right now there are api tokens, smtp passwords, auth tokens, generator seeds, ... Does it make sense to have a second secrets.json file for that kind of content? There are secrets for the backend, distributors or updaters, does it make sense to mix all of them in the same file?