Epic
Resolution: Unresolved
Minor
Podman secrets
To Do
0% To Do, 100% In Progress, 0% Done
DP Sprint 24
Low
The goal is to eventually stop using the BOT_PAT GitLab token for authentication entirely. Currently there is a high security risk that a compromise of a GitLab worker might lead to unauthorized access to the registries and so on through BOT_PAT, which is visible to any worker. As a first step towards securing the authentication process, we aim to replace the builder image containers' access to BOT_PAT (passed to the containers as an environment variable) with Podman secrets. Podman secrets will prevent BOT_PAT from leaking into the CI logs (for now). When BOT_PAT is replaced by a more secure alternative in the future, the new solution should be compatible with Podman secrets.
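
The first step described above, as an added example (not the project's own CI code): the token is stored as a Podman secret via stdin and mounted into the builder container as a file instead of being passed with `-e`. The secret name `bot_pat`, the image reference, `./build.sh` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hand BOT_PAT to the builder container as a Podman secret.
set -eu

SECRET_NAME="bot_pat"   # assumed secret name
# Placeholder image reference; override with the real builder image.
BUILDER_IMAGE="${BUILDER_IMAGE:-registry.example.com/builder:latest}"

# Before (the pattern the ticket retires): the token becomes part of the
# container environment, so `env`, `set -x` traces or `podman inspect`
# output captured by CI can expose it.
#   podman run --rm -e BOT_PAT="$BOT_PAT" "$BUILDER_IMAGE" ./build.sh

# Store the token as a secret. It is fed on stdin ("-"), so the value never
# appears in any process's argument list.
create_bot_secret() {
    : "${BOT_PAT:?BOT_PAT is not set}"
    podman secret rm "$SECRET_NAME" >/dev/null 2>&1 || true  # drop a stale copy
    printf '%s' "$BOT_PAT" | podman secret create "$SECRET_NAME" - >/dev/null
}

# Run a command in the builder with the secret mounted read-only at
# /run/secrets/bot_pat. type=mount keeps it out of the environment;
# type=env would put it back there. mode=0400 assumes the build runs as
# uid 0 inside the container.
run_builder() {
    podman run --rm \
        --secret "${SECRET_NAME},type=mount,mode=0400" \
        "$BUILDER_IMAGE" "$@"
}

# Remove the secret once the job is finished.
remove_bot_secret() {
    podman secret rm "$SECRET_NAME" >/dev/null
}

# Run the whole flow only when asked: RUN_DEMO=1 BOT_PAT=... sh this-script.sh
if [ "${RUN_DEMO:-0}" = "1" ]; then
    create_bot_secret
    run_builder sh -c 'test -r /run/secrets/bot_pat && echo "token file present"'
    remove_bot_secret
fi
```

Inside the container the build reads the token from `/run/secrets/bot_pat` at the point of use rather than exporting it, which keeps it out of environment dumps. The worker that creates the secret still holds BOT_PAT.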