Remove command-line arguments for PINs and passwords

[robin-nitrokey]

As discussed earlier, the default input method for PINs, passwords and other secrets should be interactive prompts. To allow scripting, environment variables should be supported too. Command-line arguments should be removed as they are at a higher risk to end up in process lists, shell histories, logs, etc.

See also:

• https://github.com/Nitrokey/pynitrokey/issues/194
• https://github.com/Nitrokey/pynitrokey/pull/216 (longer discussion on PIN handling)

[daringer]

to bring this forward the next step here is to come up with a complete list of pins/passwords used in pynitrokey and have a proper suggestion how these can be provided alternatively.

[Laborratte5]

As a start the CLI_LOG_BLACKLIST in confconst.py could be used, containing:

• nitropy start kdf-details (--passwd)
• nitropy start update (-p)
• nitropy pro enable-update (-p)
• nitropy nethsm (-p)
• nitropy pro enable-update (--password)
• nitropy nk3 secrets set-pin (--password)
• nitropy nethsm (--password)
• nitropy nk3 test (--pin)
• nitropy fido2 verify (--pin)
• nitropy fido2 make-credential (--pin)
• nitropy fido2 list-credentials (--pin)
• nitropy fido2 delete-credential (--pin)
• nitropy fido2 challenge-response (--pin)

However digging around the related issues this list is not complete as it at least misses secrets add-password --password TEXT and maybe some others too.