secret rotate should execute sequentially(fix TestRefreshSecret )

[hzxuzhonghu]

1. As we startup goroutines during rotate, so wait for all routines exit.

2. sync.Map.Range(func()...) should not call sync.Map.Store in callback func.

The racetest TestRefreshSecret failure maybe related to this.

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of all the commit author(s), set the cla label to yes (if enabled on your project), and then merge this pull request when appropriate.

[googlebot]

CLAs look good, thanks!

[codecov]

Codecov Report

Merging #9055 into master will decrease coverage by 1%.
The diff coverage is 0%.

@@           Coverage Diff           @@
##           master   #9055    +/-   ##
=======================================
- Coverage      70%     69%   -<1%     
=======================================
  Files         412     413     +1     
  Lines       37774   38153   +379     
=======================================
+ Hits        26196   26244    +48     
- Misses      10319   10654   +335     
+ Partials     1259    1255     -4

Impacted Files	Coverage Δ
security/pkg/nodeagent/cache/secretcache.go	0% <0%> (-69%)	⬇️
mixer/pkg/protobuf/yaml/resolver.go	95% <0%> (-5%)	⬇️
pilot/pkg/model/authentication.go	84% <0%> (-1%)	⬇️
mixer/adapter/servicecontrol/testhelper.go	70% <0%> (-1%)	⬇️
mixer/adapter/servicecontrol/quotaprocessor.go	83% <0%> (ø)	⬇️
mixer/adapter/kubernetesenv/cache.go	89% <0%> (ø)	⬇️
mixer/adapter/signalfx/signalfx.go	83% <0%> (ø)	⬇️
...olarwinds/internal/papertrail/papertrail_logger.go	81% <0%> (ø)	⬇️
mixer/adapter/fluentd/fluentd.go	76% <0%> (ø)	⬇️
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d2abca4...7e24358. Read the comment docs.

[hzxuzhonghu]

/assign @diemtvu

[hzxuzhonghu]

/test e2e-dashboard

[quanjielin]

/lgtm
/approve

[istio-testing]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: quanjielin
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: diemtvu

If they are not already assigned, you can assign the PR to them by writing /assign @diemtvu in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• security/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hzxuzhonghu]

@rshriram for approval

[hzxuzhonghu]

@diemtvu @myidpt can you approve?

[hzxuzhonghu]

Original logic indeed has a potential issue: old rotate goroutine may not exit when new rotate takes place

[hzxuzhonghu]

/assign @rshriram