
add --telegram-bot-token-file to read token from file #47

Closed
wants to merge 1 commit into from

Conversation

fopina
Contributor

@fopina fopina commented Dec 11, 2022

This is useful not only when using docker secrets but also to keep the token out of the process tree.

As a note, this was the first time I saw this cli package (more used to cobra) and I couldn't find any clean way to add support for _FILE in the same flag.
Also, doing that would prevent normal flag usage (instead of env) to use a file for the token (and keep it away from process tree).

So I created a separate flag.

Again, I couldn't find any way to do post-flag parsing validations (to add the either required check), so I ended up adding it in the main action. The usage error in cli is private so I could not re-use it (which would look better/more standard in output).

@KostyaEsmukov
Owner

The *_FILE env handling is typically docker-specific, therefore it is better handled at the Dockerfile (entrypoint) level, not in the program.

@fopina
Contributor Author

fopina commented Jan 3, 2025

While mostly used with docker secrets, there’s a threat vector where environment variables might be exposed (such as stack traces and debug error messages in some web frameworks) while not having read access to the files.

Having the application handle the files itself prevents exposing these in the environment; otherwise that entrypoint will basically move the secrets to its own variables.

I believe viper (most common CLI lib?) does it, for instance

Not being pushy, just sharing 👍
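The two points raised in this thread, the post-parse "either required" check the PR author could not find a hook for, and reading the token from a file so it never sits in the environment or the command line, are shown below as an added example. It is not the PR's code and not this project's code: it uses the standard `flag` package rather than the cli package the PR targets, and the names `resolveToken`, `writeTokenFile` and the `TELEGRAM_BOT_TOKEN` env var are assumptions made for the illustration. It also adds a file-mode check that catches a group- or world-readable token file, which is a common provisioning mistake; as the maintainer notes, it cannot protect against another process running under the same uid.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// Assumed env var name for this illustration; the real project's name is not on this page.
const tokenEnvVar = "TELEGRAM_BOT_TOKEN"

var (
	errNoToken   = errors.New("either --telegram-bot-token or --telegram-bot-token-file is required")
	errBothToken = errors.New("--telegram-bot-token and --telegram-bot-token-file are mutually exclusive")
)

// resolveToken is the post-parse validation the PR description asks for:
// exactly one of the two sources must be set. When the file is used, it must
// be a regular file, not readable by group/others (Unix only), and non-empty.
// The value is trimmed so a trailing newline from `echo` does not break auth.
func resolveToken(token, tokenFile string) (string, error) {
	switch {
	case token == "" && tokenFile == "":
		return "", errNoToken
	case token != "" && tokenFile != "":
		return "", errBothToken
	case token != "":
		return token, nil
	}
	info, err := os.Stat(tokenFile)
	if err != nil {
		return "", fmt.Errorf("token file: %w", err)
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("token file %q is not a regular file", tokenFile)
	}
	// Windows permission bits are synthetic, so the mode check only applies elsewhere.
	if runtime.GOOS != "windows" && info.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("token file %q is readable by group/others (mode %o); expected 0600",
			tokenFile, info.Mode().Perm())
	}
	raw, err := os.ReadFile(tokenFile)
	if err != nil {
		return "", fmt.Errorf("token file: %w", err)
	}
	t := strings.TrimSpace(string(raw))
	if t == "" {
		return "", fmt.Errorf("token file %q is empty", tokenFile)
	}
	return t, nil
}

// writeTokenFile provisions a 0600 token file the way an operator (or a
// Docker secret mount) would. It exists so the demo runs without setup.
func writeTokenFile(dir, name, token string) (string, error) {
	p := filepath.Join(dir, name)
	if err := os.WriteFile(p, []byte(token+"\n"), 0o600); err != nil {
		return "", err
	}
	return p, nil
}

func main() {
	token := flag.String("telegram-bot-token", os.Getenv(tokenEnvVar),
		"bot token (also read from "+tokenEnvVar+")")
	tokenFile := flag.String("telegram-bot-token-file", "",
		"path to a file containing the bot token")
	flag.Parse()

	t, err := resolveToken(*token, *tokenFile)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		flag.Usage()
		os.Exit(2)
	}
	// Never log the token itself; its length is enough to confirm it loaded.
	fmt.Printf("token loaded (%d characters)\n", len(t))
}
```

Run it as `go run . --telegram-bot-token-file /run/secrets/bot_token` to see the file path, rather than the token, appear in the process list; passing both flags, neither, or a `0644` file exits with status 2 and the usage text.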

@KostyaEsmukov
Owner

It's the administrator's responsibility to ensure the secrets don't leak. Likewise, a file with a secret readable by the application's effective uid is readable by the other processes having that uid (assuming the same mount namespace). So that's not foolproof either.

Additionally, a program able to retrieve secrets from a file is oftentimes fairly expected to support autorotation without restarting the process, which is something that needs to be implemented and maintained.

That said, I don't think this feature fits here.

2 participants