Prefer reading secrets.json to using pass show

I'm attempting to maintain a top-level secrets.json that defines all of the
sensitive data that I'd like to version-control without exposing everything in
cleartext to the world. To that end, I'm using `git secret`, which will use
`gpg` to encrypt secrets.json everytime I call `git secret hide` and decrypt
everytime I call `git secret reveal`.

I'm going to try this until I don't like it anymore... if that day comes...

I should write a blog post about my setup to solicit useful feedback and share
my ideas with others.

website/sandbox/contentful/.envrc

@@ -1,4 +1,4 @@
 source_up
 use_nix
-export CONTENTFUL_SPACE_ID="$(pass show programming/contentful/space-id)"
-export CONTENTFUL_ACCESS_TOKEN="$(pass show programming/contentful/access-token)"
+export CONTENTFUL_SPACE_ID="$(jq -j '.contentful | .spaceId' < ~/briefcase/secrets.json)"
+export CONTENTFUL_ACCESS_TOKEN="$(jq -j '.contentful | .accessToken' < ~/briefcase/secrets.json)"

website/sandbox/learnpianochords/src/server/.envrc

@@ -0,0 +1,6 @@
+source_up
+use_nix
+export SERVER_PORT=3000
+export CLIENT_PORT=8000
+export GOOGLE_CLIENT_ID="$(jq -j '.google | .clientId' < ~/briefcase/secrets.json)"
+export STRIPE_API_KEY="$(jq -j '.stripe | .apiKey' < ~/briefcase/secrets.json)"