br: redact secret strings when logging arguments

[kennytm]

What problem does this PR solve?

Issue Number: close #57585

Problem Summary: Some values from the command line are not properly redacted.

What changed and how does it work?

In additional to the existing handling for --storage, we also apply redaction to the following parameters:

• --full-backup-storage
• --crypter.key
• --log.crypter.key
• --azblob.encryption-key
• --master-key (the current implementation of this may be too conservative)

Check List

Tests

• [x] Unit test
• [ ] Integration test
• [ ] Manual test (add detailed scripts or steps below)
• [ ] No need to test

  • [ ] I checked and no code files have been changed.

Side effects

• [ ] Performance regression: Consumes more CPU
• [ ] Performance regression: Consumes more Memory
• [ ] Breaking backward compatibility

Documentation

• [ ] Affects user behaviors
• [ ] Contains syntax changes
• [ ] Contains variable changes
• [ ] Contains experimental features
• [ ] Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

When invoking BR in command line with secret keys passed directly from arguments, they are no longer printed as plaintext in the log.

[tiprow[bot]]

Hi @kennytm. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 74.5370%. Comparing base (c091dba) to head (6d0f592). Report is 9 commits behind head on master.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #57593 +/- ## ================================================ + Coverage 72.8033% 74.5370% +1.7336% ================================================ Files 1676 1691 +15 Lines 463631 463740 +109 ================================================ + Hits 337539 345658 +8119 + Misses 105278 96607 -8671 - Partials 20814 21475 +661 ``` | [Flag](https://app.codecov.io/gh/pingcap/tidb/pull/57593/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | Coverage Δ | | |---|---|---| | [integration](https://app.codecov.io/gh/pingcap/tidb/pull/57593/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | `46.5600% <100.0000%> (?)` | | | [unit](https://app.codecov.io/gh/pingcap/tidb/pull/57593/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | `72.2263% <0.0000%> (+0.0333%)` | :arrow_up: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap#carryforward-flags-in-the-pull-request-comment) to find out more. | [Components](https://app.codecov.io/gh/pingcap/tidb/pull/57593/components?src=pr&el=components&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | Coverage Δ | | |---|---|---| | [dumpling](https://app.codecov.io/gh/pingcap/tidb/pull/57593/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | `52.7673% <ø> (ø)` | | | [parser](https://app.codecov.io/gh/pingcap/tidb/pull/57593/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | `∅ <ø> (∅)` | | | [br](https://app.codecov.io/gh/pingcap/tidb/pull/57593/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pingcap) | `61.0088% <100.0000%> (+15.5583%)` | :arrow_up: |

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[ti-chi-bot[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 3pointer, BornChanger

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[br/OWNERS](https://github.com/pingcap/tidb/blob/master/br/OWNERS)~~ [3pointer,BornChanger] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[ti-chi-bot[bot]]

[LGTM Timeline notifier]

Timeline:

• 2024-11-21 10:21:00.580481009 +0000 UTC m=+113448.200135524: :ballot_box_with_check: agreed by BornChanger.
• 2024-11-21 10:25:46.527449073 +0000 UTC m=+113734.147103585: :ballot_box_with_check: agreed by 3pointer.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-6.5: #57601.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-7.1: #57602.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-7.5: #57603.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-8.1: #57604.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-8.5: #57605.

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-6.1: #57606.