Add new flag to mask secrets from '--debug' output

[hsnabsmryum]

Related command

All az commands that support --debug

Is your feature request related to a problem? Please describe.

When creating an issue here on GitHub, the "bug" template requests for the output of --debug, but with a ATTENTION note, that reads:

⚠ ATTENTION: Make sure to remove all sensitive information, such as username, password, credential, subscription ID, etc.

The debug output is long, and manually reviewing it in a text editor and changing all those information to *** or something is a pain; I'm sure it's prohibitive enough for some people to either not include the debug output (making the investigation harder for the team), or have some personal/secret information slip through.

It's also applicable when trying to post problems in Stack Overflow or share with consultancies/third-parties/contractors for troubleshooting purposes.

Describe the solution you'd like

It's clear (or agreeable by a discussion) what information is personal/secret and not safe to share (tenant ID, subscription ID, resource groups name, etc.), so masking them can be scripted.

I'm suggesting a new flag like --debug-masked to be the same as --debug, but, guess what, with secrets being masked!

Describe alternatives you've considered

Opening in a text editor and either skimming through, or by a global "Find and replace", but it's still possible to miss something.

Additional context

N/A

[yonzhan]

Thank you for opening this issue, we will look into it.