Support marking options as secret to avoid printing by CLI

[rliebz]

Is your feature request related to a problem? Please describe.

While it is currently possible to avoid printing shell commands through use of the print clause, it would be nice to flag that at the variable level so it happens automatically.

Describe the solution you'd like

There could be a secret flag attached to options that would cause it to get masked when printed, either as ${varname} without interpolation or something like *****.

tasks:
  foo:
    options:
      my-password:
        usage: Secret to pass to an application
        secret: true
    run:
      command: cmd --password ${my-password}

Additional context

See https://github.com/rliebz/tusk/issues/54#issuecomment-524227781

[cuotos]

I noticed this is achieved in github actions by simply applying a regex while writing to the log output. This could be a possible approach.

While it means you'll catch all occurrences and don't accidentally print the secret, if the same string is ever printed innocently it also gets masked out. (learnt this the hard way when testing with password set to "password")