Marshaling normalization for HMAC comparison

[ollaw]

Fixes #903

Problem

When a Vault secret becomes empty, a VaultStaticSecret with the transformation excludeRaw: true and a set of targets set in rolloutRestartTargets fields, triggers infinite restarts of target Pods.

The cause of it seems to be the way VSO checks if the secrets has changed and must be updated, an specifically:

1. When a secret on Vault becomes empty, VSO triggers the first valid reconciliation. The destination secret shouldn't have any data anymore (since excludeRaw: true) and thus VSO applies the patch with data: {} since {} it's what is basically coming from Vault.
2. Kubernetes won't save the data field on the Secret since is empty.
3. At the next reconciliation, to understand if there are diffs, VSO reads the secret from Vault again and compares the HMAC of the Kubernetes secret with the HMAC of the Vault secret.
4. The HMAC of the two secret is different for the way the emptiness is represented (nil for Kubernetes, {} for Vault) and the update process is repeated, triggering again the restart of the Pods.

Changes

This PR normalizes HMAC computation to ensure consistent comparison between Vault and Kubernetes secrets.
If the secret’s data field is nil, it is now initialized to an empty map before computing the HMAC.

PCI review checklist

• I have documented a clear reason for, and description of, the change I am making.

• If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

• If applicable, I've documented the impact of any changes to security controls.

  Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.