generated secret names should be unique and rfc1123 compliant

Bug #1911445 reported by Kevin W Monroe
Affects: Kubernetes Control Plane Charm
Status: Fix Released
Importance: High
Assigned to: Kevin W Monroe

Bug Description

We need to validate the 'name' field in k8s-master user actions. We use the name as part of the secret id, and that must be a valid rfc1123 string:

https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names

Today, things like 'user-create' allow invalid input, and while k8s throws an error, the action succeeds. Example with an invalid name (capital letters are invalid):

-----
$ juju run-action --wait kubernetes-master/0 user-create name=Bob
unit-kubernetes-master-0:
  UnitId: kubernetes-master/0
  id: "3"
  results:
    Stderr: |
      The Secret "Bob-token-auth" is invalid: metadata.name: Invalid value: "Bob-token-auth": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
    Stdout: |
      Cluster "juju-cluster" set.
      Property "users" unset.
      User "Bob" set.
      Context "juju-context" created.
      Switched to context "juju-context".
    kubeconfig: juju scp kubernetes-master/0:/home/ubuntu/Bob-kubeconfig .
    msg: User "Bob" created.
    users: admin, system:kube-controller-manager, system:kube-proxy, system:node:juju-2a8f8a-10,
      system:node:juju-2a8f8a-11, system:node:juju-2a8f8a-12, system:kube-scheduler,
      system:monitoring, Bob
  status: completed
-----

No secret has been created, but users might not realize that since the action appears to have succeeded.
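
An added example, not part of the original report or the charm's own code: one way to reject a bad name before any user or secret is created, so the action can fail instead of reporting success. The function names are hypothetical; the regex and the "-token-auth" suffix are taken from the error output above, and the sample names are constructed.

```python
import re

# Regex quoted in the Kubernetes error message above (lowercase RFC 1123 subdomain).
RFC1123_SUBDOMAIN = re.compile(
    r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
)
MAX_SUBDOMAIN_LEN = 253         # Kubernetes limit for DNS subdomain names
SECRET_SUFFIX = "-token-auth"   # assumption: suffix as seen in "Bob-token-auth"


def secret_id_for(name):
    """Return the secret id for a user name, or raise ValueError if invalid.

    The full secret id is validated, not just the name: "bob." looks close to
    valid, but "bob.-token-auth" has a label that starts with '-'.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("name must be a non-empty string")
    secret_id = name + SECRET_SUFFIX
    if len(secret_id) > MAX_SUBDOMAIN_LEN:
        raise ValueError(
            "secret id is %d characters, limit is %d"
            % (len(secret_id), MAX_SUBDOMAIN_LEN)
        )
    # fullmatch anchors both ends; match() alone would accept "bob\n" style tails.
    if not RFC1123_SUBDOMAIN.fullmatch(secret_id):
        raise ValueError(
            "secret id %r is not a lowercase RFC 1123 subdomain" % secret_id
        )
    return secret_id


def check_names(names):
    """Map each candidate name to (ok, secret id or error message)."""
    results = {}
    for name in names:
        try:
            results[name] = (True, secret_id_for(name))
        except ValueError as err:
            results[name] = (False, str(err))
    return results


if __name__ == "__main__":
    # Constructed sample input.
    for name, (ok, detail) in check_names(["bob", "Bob", "bob_smith", "bob."]).items():
        print("%-10s %-8s %s" % (name, "ok" if ok else "REJECT", detail))
```

An action handler would call the check first and mark the action as failed on ValueError, before touching the kubeconfig or the user list.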

Changed in charm-kubernetes-master:
assignee: nobody → Kevin W Monroe (kwmonroe)
importance: Undecided → High
status: New → In Progress
milestone: none → 1.20+ck1
summary: - validate user-* action input
+ generated secret names should be unique and rfc1123 compliant
Kevin W Monroe (kwmonroe) wrote :
tags: added: review-needed
Changed in charm-kubernetes-master:
status: In Progress → Fix Committed
tags: removed: review-needed
George Kraft (cynerva) wrote :
Changed in charm-kubernetes-master:
status: Fix Committed → Fix Released