Personalisation Redaction: Sanitize notifications after final delivery

[kalbfled]

User Story - Business Need

• [ ] Ticket is understood, and QA has been contacted (if the ticket has a QA label).

User Story(ies)

As a Notify developer, I want to remove encrypted PII from the database when a redacted message reaches its final status So that everybody remains in compliance with all applicable laws and VA policies.

Additional Info and Resources

See #1357. Those changes should ensure that PII is not visible in any http response, but PII can still live in the database in encrypted form. Once a notification generated using a redacted template reaches a final status, the personalization data should be replaced in the database with "\<redacted>".

https://github.com/department-of-veterans-affairs/notification-api/blob/master/app/models.py#L1406

Engineering Checklist

• [ ] Write new test cases for process_delivery_status.
• [ ] Refactor process_delivery_status to decrypt, sanitize, and re-encrypt personalization data when updating to a final status. Note that currently the update actually happens as a side-effect in the _calculate_pricing helper function. Refactor to make the logic flow more obvious a free of side-effects. For a concise example of how to do this, see here and the following setter method.
• [ ] Make similar changes, including new tests, for e-mail notifications via process_pinpoint_receipt_tasks.py and process_ses_receipts_tasks.py.
• [ ] Update the Slide deck with the key win and a demo slide

Acceptance Criteria

• [ ] After a notification has reached final status, the personalization data being stored in our database has been updated to <redacted>

QA Considerations

• [ ] Validate as above in AC
• [ ] Consider how to automate this and create QA ticket

[mjones-oddball]

Hey team! Please add your planning poker estimate with Zenhub @babyjunior56 @EvanParish @k-macmillan @kalbfled @ldraney @nikolai-efimov

[k-macmillan]

okay to keep