Migrate Atlas connectivity secrets to AWS Secrets Manager

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • Affects Version/s: None
    • Component/s: None
    • Ruby Drivers
    • Not Needed

      Replace Evergreen project variables used for Atlas connectivity testing with AWS Secrets Manager via drivers-evergreen-tools.

      Scope

      Atlas URIs and X.509 certificates are currently injected as Evergreen expansions via the setup-system function's PREPARE_SHELL block. Replace these with a call to ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect (matching the Python driver's vault name — verify before starting).

      Add a new "export Atlas credentials" function and wire it into Atlas test task definitions and testatlas_full_task_group setup.

      Update Atlas test runner scripts to source the secrets-export.sh output and decode the base64 X.509 certificate (matching the Python driver pattern in scripts/setup_tests.py).

      Also clean up remaining atlas_serverless_uri / atlas_serverless_lb_uri Evergreen var references (serverless runner already sources from ${DRIVERS_TOOLS}/.evergreen/serverless/secrets-export.sh).

      Files to change

      • .evergreen/config/common.yml.erb — remove atlas_* vars from setup-system/PREPARE_SHELL; add "export Atlas credentials" function
      • .evergreen/config.yml — regenerate from ERB template
      • .evergreen/run-tests-atlas.sh — source secrets-export.sh; decode X.509 cert from ATLAS_X509_DEV_CERT_BASE64
      • .evergreen/run-tests-atlas-full.sh — same
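
One way the runner scripts could source the secrets-export.sh output and decode ATLAS_X509_DEV_CERT_BASE64, as an added example that is not part of this ticket or the driver's code. The function names, the output file name atlas-x509-dev.pem and the ATLAS_X509_DEV_CERT_PATH variable are assumptions; the location of secrets-export.sh is passed in as an argument.

```shell
#!/usr/bin/env bash
# Added example. load_atlas_x509, atlas-x509-dev.pem and
# ATLAS_X509_DEV_CERT_PATH are hypothetical names, not from the ticket.

# _load_atlas_x509 SECRETS_FILE OUT_DIR
# Sources SECRETS_FILE and writes the decoded certificate into OUT_DIR.
_load_atlas_x509() {
  local secrets_file="$1" out_dir="$2" tmp
  if [ ! -r "$secrets_file" ]; then
    echo "secrets file not readable: $secrets_file" >&2
    return 1
  fi
  # shellcheck disable=SC1090
  . "$secrets_file"
  if [ -z "${ATLAS_X509_DEV_CERT_BASE64:-}" ]; then
    echo "ATLAS_X509_DEV_CERT_BASE64 is empty or unset" >&2
    return 1
  fi
  # mktemp creates the file with mode 0600; the umask is a second guard.
  tmp=$(umask 077 && mktemp "$out_dir/.atlas-x509.XXXXXX") || return 1
  if printf '%s' "$ATLAS_X509_DEV_CERT_BASE64" | base64 -d > "$tmp" \
     && grep -q -- '-----BEGIN' "$tmp"; then
    # Rename only after validation so no partial credential file is left.
    mv "$tmp" "$out_dir/atlas-x509-dev.pem"
  else
    rm -f "$tmp"
    echo "ATLAS_X509_DEV_CERT_BASE64 did not decode to PEM" >&2
    return 1
  fi
  export ATLAS_X509_DEV_CERT_PATH="$out_dir/atlas-x509-dev.pem"
}

# Wrapper: suspend xtrace while secrets are handled, so `set -x` in a runner
# script cannot echo URIs or certificate material into the task log.
load_atlas_x509() {
  local restore_xtrace=0 rc=0
  case $- in *x*) restore_xtrace=1; set +x ;; esac
  _load_atlas_x509 "$@" || rc=$?
  if [ "$restore_xtrace" -eq 1 ]; then set -x; fi
  return "$rc"
}
```
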

      Evergreen project variables eliminated (11)

      atlas_replica_set_uri, atlas_sharded_uri, atlas_free_tier_uri, atlas_tls11_uri, atlas_tls12_uri, atlas_serverless_uri, atlas_serverless_lb_uri, atlas_x509_cert_base64, atlas_x509, atlas_x509_dev_cert_base64, atlas_x509_dev

      Open question before starting

      Confirm the vault name: Python driver uses drivers/atlas_connect; atlas/setup-secrets.sh defaults to drivers/atlas-qa. These may serve different purposes. Verify with DevProd before choosing the vault.

      Test plan

      Run a CI patch with Atlas connectivity build variants.

            Assignee:
            Dmitry Rybakov
            Reporter:
            Dmitry Rybakov