feat(api): encrypt AWS creds (#37679)

## Description

As mentioned in #37654 `AWSSecretAccessKey` are not encrypted and stored as is.

## Update

Follow the existing `AuthToken` flow of setting the `Encrypted` fields,
`Decrypting` them later and `Clearing` them at the end.

Closes #37654

---------

Signed-off-by: Kausthubh J Rao <105716675+Exgene@users.noreply.github.com>
Co-authored-by: Lauris B <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>

services/task/task.go

@@ -85,6 +85,11 @@ func CreateMigrateTask(ctx context.Context, doer, u *user_model.User, opts base.
 		return nil, err
 	}
 	opts.AuthToken = ""
+	opts.AWSSecretAccessKeyEncrypted, err = secret.EncryptSecret(setting.SecretKey, opts.AWSSecretAccessKey)
+	if err != nil {
+		return nil, err
+	}
+	opts.AWSSecretAccessKey = ""
 	bs, err := json.Marshal(&opts)
 	if err != nil {
 		return nil, err