Fix issue #24434: document secret mount behavior (#24442)

Adds documentation explaining how secrets appear inside build containers
when using GitHub Actions secret mounts.

Changes:
- Added new section "How secrets appear in the build container"
explaining:
  - Default secret mount location (/run/secrets/<id>)
  - File permissions and content handling
  - How the env option works
  - Custom target paths
- Includes practical examples for both environment variable and
file-based secret access

Fixes #24434

---------

Co-authored-by: David Karlsson <dvdksn@users.noreply.github.com>

content/manuals/build/ci/github-actions/secrets.md

@@ -57,6 +57,13 @@ jobs:
             "github_token=${{ secrets.GITHUB_TOKEN }}"
 ```
 
+> [!NOTE]
+> Secrets are mounted as files in the build container.
+> By default, they're available at `/run/secrets/<id>`.
+> You can also use the `env` option to load a secret into an environment variable,
+> or the `target` option to customize the mount path.
+> For details on secret mounts, see [Build secrets](/manuals/build/building/secrets.md).
+
 ### Using secret files
 
 The `secret-files` input lets you mount existing files as secrets in your build.