tka: refer consistently to "DisablementValues"

This avoids putting "DisablementSecrets" in the JSON output from
`tailscale lock log`, which is potentially scary to somebody who doesn't
understand the distinction.

AUMs are stored and transmitted in CBOR-encoded format, which uses an
integer rather than a string key, so this doesn't break already-created
TKAs.

Fixes #19189

Change-Id: I15b4e81a7cef724a450bafcfa0b938da223c78c9
Signed-off-by: Alex Chan <alexc@tailscale.com>

tka/tailchonk_test.go

@@ -316,8 +316,8 @@ func TestMarkDescendantAUMs(t *testing.T) {
 
 func TestMarkAncestorIntersectionAUMs(t *testing.T) {
 	fakeState := &State{
-		Keys:               []Key{{Kind: Key25519, Votes: 1}},
-		DisablementSecrets: [][]byte{bytes.Repeat([]byte{1}, 32)},
+		Keys:              []Key{{Kind: Key25519, Votes: 1}},
+		DisablementValues: [][]byte{bytes.Repeat([]byte{1}, 32)},
 	}
 
 	tcs := []struct {
@@ -542,8 +542,8 @@ func cloneMem(src, dst *Mem) {
 
 func TestCompact(t *testing.T) {
 	fakeState := &State{
-		Keys:               []Key{{Kind: Key25519, Votes: 1}},
-		DisablementSecrets: [][]byte{bytes.Repeat([]byte{1}, 32)},
+		Keys:              []Key{{Kind: Key25519, Votes: 1}},
+		DisablementValues: [][]byte{bytes.Repeat([]byte{1}, 32)},
 	}
 
 	// A & B are deleted because the new lastActiveAncestor advances beyond them.
@@ -610,8 +610,8 @@ func TestCompactLongButYoung(t *testing.T) {
 
 	storage := ChonkMem()
 	auth, _, err := Create(storage, State{
-		Keys:               []Key{ourKey, someOtherKey},
-		DisablementSecrets: [][]byte{DisablementKDF(bytes.Repeat([]byte{0xa5}, 32))},
+		Keys:              []Key{ourKey, someOtherKey},
+		DisablementValues: [][]byte{DisablementKDF(bytes.Repeat([]byte{0xa5}, 32))},
 	}, ourPriv)
 	if err != nil {
 		t.Fatalf("tka.Create() failed: %v", err)