
fix(server): rebuild extension proxy registry when secrets change#27726

Open
saidsef wants to merge 1 commit into argoproj:master from saidsef:fix/server-rebuild-proxy-on-secret-change

Conversation

@saidsef

@saidsef saidsef commented May 6, 2026

Fixes #27758

Summary

Argo CD's proxy extension registry is rebuilt when ExtensionConfig changes, but not when Secrets change. This means that if a user updates a secret referenced by an extension config (e.g. rotating an API key stored in argocd-secret), the proxy continues to use the old cached secret value until the next ExtensionConfig edit — or until the server restarts.

This PR adds settings.Secrets to the watch condition in server.go:watchSettings(), ensuring the proxy registry is rebuilt whenever secrets are modified.

Root cause

watchSettings() tracked prevExtConfig to detect changes, but ignored prevSecrets. Since ReplaceMapSecrets() is called inside UpdateExtensionRegistry(), any new secret values were invisible to the proxy until something else triggered a registry rebuild.

Changes

  • server/server.go: Added prevSecrets tracking alongside prevExtConfig in the settings watch loop.
  • server/extension/extension_test.go: Added TestUpdateExtensionRegistryWithSecrets to verify that proxy headers are updated after a secret change triggers registry rebuild.

Checklist

  • This is a bug fix.
  • The title of the PR conforms to the Title of the PR.
  • I have signed off all my commits as required by DCO.
  • I have written unit tests for my change.
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.

@saidsef saidsef requested a review from a team as a code owner May 6, 2026 23:39

bunnyshell Bot commented May 6, 2026

🔴 Preview Environment stopped on Bunnyshell



codecov Bot commented May 7, 2026

Codecov Report

❌ Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.80%. Comparing base (91e7664) to head (6aa6dde).

Files with missing lines Patch % Lines
server/server.go 33.33% 2 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##           master   #27726   +/-   ##
=======================================
  Coverage   63.80%   63.80%           
=======================================
  Files         419      419           
  Lines       57221    57223    +2     
=======================================
+ Hits        36509    36513    +4     
- Misses      17290    17293    +3     
+ Partials     3422     3417    -5     


The watchSettings() loop only called UpdateExtensionRegistry() when ExtensionConfig (ConfigMap data) changed, but not when settings.Secrets changed. This meant that if secrets were populated after initial startup (e.g. by External Secrets Operator), the proxy registry was never rebuilt with resolved secret values.

UpdateExtensionRegistry() runs parseAndValidateConfig() which calls ReplaceMapSecrets() to substitute $key references with actual secret values. Without rebuilding the registry on secret changes, proxies continued sending literal strings like $openai-api-key to backends, causing 401 errors.

Add a check for settings.Secrets changes alongside ExtensionConfig changes, and update prevSecrets accordingly. Also add a test that verifies proxy headers are updated when secrets change.

Signed-off-by: Said Sef <saidsef@gmail.com>
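The watch-loop condition that the PR description and the commit message discuss, as an added Go example that is not Argo CD's code: `Settings`, `Watch`, `resolve` and the two `needsRebuild*` functions are constructed stand-ins for `watchSettings()`, `UpdateExtensionRegistry()` and `ReplaceMapSecrets()`. It replays settings snapshots through both conditions to show that only the fixed one picks up a secret that is populated or rotated after startup while the ConfigMap stays unchanged.

```go
package main

import (
	"reflect"
	"strings"
)

// Settings stands in for the two fields watchSettings() compares (constructed).
type Settings struct {
	ExtensionConfig map[string]string // proxy header name -> value, may be "$key"
	Secrets         map[string]string // secret key -> value (e.g. from argocd-secret)
}

// needsRebuildOld is the pre-fix condition: only a config change rebuilds the
// registry, so a rotated or late-populated secret is never picked up.
func needsRebuildOld(prev, cur Settings) bool {
	return !reflect.DeepEqual(prev.ExtensionConfig, cur.ExtensionConfig)
}

// needsRebuildFixed adds the secrets comparison the PR describes.
func needsRebuildFixed(prev, cur Settings) bool {
	return needsRebuildOld(prev, cur) || !reflect.DeepEqual(prev.Secrets, cur.Secrets)
}

// resolve substitutes "$key" with its secret value (ReplaceMapSecrets in miniature);
// an unresolved key stays the literal "$key", which is what a stale proxy sends.
func resolve(cfg, secrets map[string]string) map[string]string {
	out := make(map[string]string, len(cfg))
	for name, v := range cfg {
		if s, ok := secrets[strings.TrimPrefix(v, "$")]; ok && strings.HasPrefix(v, "$") {
			v = s
		}
		out[name] = v
	}
	return out
}

// Watch replays settings snapshots through one watch loop, rebuilding the proxy
// headers only when needsRebuild fires, and returns the headers in use at the end.
func Watch(snaps []Settings, needsRebuild func(prev, cur Settings) bool) map[string]string {
	headers := resolve(snaps[0].ExtensionConfig, snaps[0].Secrets)
	for i := 1; i < len(snaps); i++ {
		if needsRebuild(snaps[i-1], snaps[i]) {
			headers = resolve(snaps[i].ExtensionConfig, snaps[i].Secrets)
		}
	}
	return headers
}
```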
@saidsef saidsef force-pushed the fix/server-rebuild-proxy-on-secret-change branch from 98feda1 to 6aa6dde Compare May 7, 2026 11:57

saidsef commented May 8, 2026

Hey @agaudreault — would you mind taking a look when you get a chance? Given your work on the extension proxy, I think this is right in your wheelhouse.


Development

Successfully merging this pull request may close these issues.

Extension proxy keeps using stale secret values after secret rotation
