fix(load_secrets): reset secrets_role between early and late plays

set_fact from bootstrap k8s selection persisted on localhost so late phase
kept k8s_secret_utils instead of vault_utils when backend is vault.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: Martin Jackson

roles/load_secrets/tasks/main.yml

@@ -1,4 +1,11 @@
 ---
+# set_fact for secrets_role/tasks_from in an early run persists on localhost for the whole
+# playbook; reset each time this role runs so late vault path is not skipped after bootstrap.
+- name: Reset secrets loader selection for this load_secrets invocation
+  ansible.builtin.set_fact:
+    secrets_role: "vault_utils"
+    tasks_from: "push_parsed_secrets"
+
 - name: Set fact for secretStore backend
   ansible.builtin.set_fact:
     secrets_backing_store: "{{ values_global.global.secretStore.backend | default('vault') }}"