jazzband / django-silk

Silky smooth profiling for Django
MIT License

Add a setting to enable masking of all request / query values #405

Open orokusaki opened 4 years ago

orokusaki commented 4 years ago

Pull #322 addresses common cases, such as "password", "key", "username", etc.

However, for a HIPAA app (or just to reduce attack / leak vectors in general), we would like all values to be masked. It's nice to view requests and queries, quantities, timing, etc., while also masking all values in queries with **** to avoid the risk of leaking data of any kind.

In a POST, the keys could remain, e.g., username=****, which would still be helpful information.

Thoughts on this?

EDIT: added more scope / details
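
The behaviour requested above (every value replaced with `****`, keys and query shape kept), as an added example that is not part of the original post and is not django-silk code or the change in pull #322. The function names are hypothetical, and `mask_sql` assumes the stored SQL already has its parameters interpolated as literals.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode

MASK = "****"  # mask string taken from the issue text

# Hypothetical helpers for illustration; none of these names exist in django-silk.


def _mask_json(node):
    """Keep dict keys and container shape, replace every leaf value."""
    if isinstance(node, dict):
        return {key: _mask_json(value) for key, value in node.items()}
    if isinstance(node, list):
        return [_mask_json(item) for item in node]
    return MASK


def mask_body(raw, content_type):
    """Mask all values in a text request body, failing closed if it cannot be parsed."""
    if not raw:
        return raw
    if "json" in content_type:
        try:
            return json.dumps(_mask_json(json.loads(raw)))
        except ValueError:
            return MASK  # malformed JSON: store the mask, never the raw body
    if "x-www-form-urlencoded" in content_type:
        pairs = parse_qsl(raw, keep_blank_values=True)
        return urlencode([(key, MASK) for key, _ in pairs], safe="*")
    return MASK  # unknown content type (multipart, binary, ...): mask it whole


# Single-quoted string literals (with '' escapes) or standalone numbers.
_SQL_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def mask_sql(sql):
    """Replace literals in an interpolated SQL string, keeping identifiers."""
    return _SQL_LITERAL.sub(MASK, sql)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real application.
    print(mask_body("username=alice&password=hunter2",
                    "application/x-www-form-urlencoded"))
    print(mask_sql('SELECT "id" FROM "patient" WHERE "mrn" = \'A-1001\' LIMIT 21'))
```

Bodies that cannot be parsed are masked whole, so a malformed or unexpected payload is never stored in clear text.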

nasirhjafri commented 4 years ago

@orokusaki Would you like to do a PR too?

orokusaki commented 4 years ago

@nasirhjafri sure - do you have any pointers you can give me to help speed things up, etc.?