Allow the Jenkins admin to disable Secrets Manager lookups with the primary IAM role.

This is useful when the primary role corresponds to a gateway account with nothing in it, where you don't want Jenkins to call Secrets Manager.