Restrict RetrieveSecret access
Refs https://redmine.teklia.com/issues/3228
Once ponos delegated auth is available, we should limit the RetrieveSecret to only authorize ponos authentication.
A normal API user (through a user token) should not be able to read any secret.