Add support for Build Secrets (--secret) when building an image. Not sure how it'd work but currently the only way I can see for how to pass authentication credentials that are usable down-stream within the Dockerfile is to pass build args, which is insecure and emitted in Depot etc

Specific use-case is npm authentication.