Right now, we allow ConstantExpression or GStringExpression as the parameters to an internal function call (i.e., to credentials(...), but that's a little wonky, because you can actually sneak anything you want into the GStringExpression, i.e., "${someMethodCall(...)}" is legal. Now, locking down the GStringExpression contents is a different matter that I'll deal with some day. Probably. But for now, the question is what else should be allowed as a parameter to credentials(...) - there's probably a valid argument for non-block-scoped steps or functions and variables, so perhaps we should add VariableExpression and method calls with the same rules limiting their parameters as credentials(...) itself.

Needs more thinking. But soon.