Treat APNs team/key IDs as secrets so they can change atomically with the key itself

service/src/main/java/org/whispersystems/textsecuregcm/configuration/ApnConfiguration.java

@@ -9,8 +9,8 @@ import javax.validation.constraints.NotNull;
 import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
 
 
-public record ApnConfiguration(@NotBlank String teamId,
-                               @NotBlank String keyId,
+public record ApnConfiguration(@NotNull SecretString teamId,
+                               @NotNull SecretString keyId,
                                @NotNull SecretString signingKey,
                                @NotBlank String bundleId,
                                boolean sandbox) {

service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java

@@ -64,7 +64,7 @@ public class APNSender implements Managed, PushNotificationSender {
     this.bundleId = configuration.bundleId();
     this.apnsClient = new ApnsClientBuilder().setSigningKey(
             ApnsSigningKey.loadFromInputStream(new ByteArrayInputStream(configuration.signingKey().value().getBytes()),
-                configuration.teamId(), configuration.keyId()))
+                configuration.teamId().value(), configuration.keyId().value()))
         .setTrustedServerCertificateChain(getClass().getResourceAsStream(APNS_CA_FILENAME))
         .setApnsServer(configuration.sandbox() ? ApnsClientBuilder.DEVELOPMENT_APNS_HOST : ApnsClientBuilder.PRODUCTION_APNS_HOST)
         .build();