Conversation


@olivergondza olivergondza commented Nov 29, 2024

Description

--verbose-sensitive-output is dangerous to use in production, because the secret values can bubble up to the ArgoCD UI, archived pod logs, etc., and get exposed to unauthorized personnel.

Introduce a --verbose option that redacts all potentially sensitive values inserted into the messages.

That way, secrets are not leaked. Administrators get the much-needed "traces" of what was executed, as well as the details of the safe values the program has worked with.

Checklist

Please make sure that your PR fulfills the following requirements:

  • Reviewed the guidelines for contributing to this repository
  • The commit message follows the Conventional Commits Guidelines.
  • Tests for the changes have been updated
  • Are you adding dependencies? If so, please run go mod tidy -compat=1.22.7 to ensure only the minimum is pulled in.
  • [n/a] Docs have been added / updated
  • Optional. My organization is added to USERS.md.

Type of Change

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • New tests
  • Build/CI related changes
  • Documentation content changes
  • Other (please describe)

Other information

@exp4bra1n

exp4bra1n commented Apr 28, 2025

Isn't this function just going to redact all verbose logs?
Wouldn't the verboseOutput logs become unusable without the logic to understand what to redact or not?

@olivergondza

Isn't this function just going to redact all verbose logs? Wouldn't the verboseOutput logs become unusable without the logic to understand what to redact or not?

Not sure I am following you.

A developer is expected to wrap content that can be sensitive in SanitizeUnsafe. And that will make sure the content will not be printed based on command line opts provided.
