robinhood-unofficial / pyrh

Python Framework to make trades with the unofficial Robinhood API
https://pyrh.readthedocs.io/en/latest/
MIT License
1.78k stars 603 forks

raw password should not be present in `dump_session` #282

Closed domanchi closed 3 years ago

domanchi commented 3 years ago

Checklist

Feature Request

pyrh.cache.dump_session is a useful feature to serialize the user's access_token and refresh_token, so that every invocation of the script does not require an active login attempt. Currently, it is formatted as such:

{
    "expires_at": "2020-12-15T19:04:20.583246+00:00",
    "challenge_type": "email",
    "device_token": "<uuid4>",
    "oauth": {
        "expires_in": 523470,
        "access_token": "<redacted>",
        "refresh_token": "<redacted>"
    },
    "username": "<redacted>",
    "password": "<redacted>"
}

This is not ideal. Since OAuth tokens are already present, the user's username and password fields should not be in this payload, as they are no longer needed. Furthermore, even though a refresh_token is akin to account access, it is riskier to have passwords in plaintext due to credential stuffing attacks.

Please remove these fields from this output.
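A hardened serializer in the spirit of this request, as an added example that is not pyrh's own code: it assumes only the payload shape quoted above (all values are constructed placeholders), drops the credential fields before writing, and adds an audit helper that reports whether an existing cache file still carries them.

```python
import json
import tempfile
from pathlib import Path
from typing import Any, Dict, FrozenSet

# Keys that must never reach the on-disk cache. Assumption: the payload shape
# mirrors the dump quoted in the issue, not pyrh's real internal structure.
CREDENTIAL_FIELDS: FrozenSet[str] = frozenset({"username", "password"})

# Constructed sample session in the shape shown above (all values are placeholders).
SAMPLE_SESSION: Dict[str, Any] = {
    "expires_at": "2020-12-15T19:04:20.583246+00:00",
    "challenge_type": "email",
    "device_token": "00000000-0000-4000-8000-000000000000",
    "oauth": {
        "expires_in": 523470,
        "access_token": "ACCESS-TOKEN-PLACEHOLDER",
        "refresh_token": "REFRESH-TOKEN-PLACEHOLDER",
    },
    "username": "user@example.com",
    "password": "correct-horse-battery-staple",
}


def strip_credentials(session: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of the session without plaintext credentials; the OAuth tokens suffice to resume."""
    return {k: v for k, v in session.items() if k not in CREDENTIAL_FIELDS}


def dump_session_safe(session: Dict[str, Any], path: Path) -> Path:
    """Serialize the credential-free session; the token file is still sensitive,
    so restrict it to the owner."""
    path.write_text(json.dumps(strip_credentials(session), indent=4))
    path.chmod(0o600)
    return path


def audit_dump(path: Path) -> FrozenSet[str]:
    """Check an existing cache file and report any credential keys found in it."""
    return CREDENTIAL_FIELDS & frozenset(json.loads(path.read_text()))


def demo() -> tuple:
    """Write the naive and the hardened dump side by side and audit both."""
    with tempfile.TemporaryDirectory() as tmp:
        naive = Path(tmp) / "naive.json"
        naive.write_text(json.dumps(SAMPLE_SESSION, indent=4))  # what dump_session does today
        safe = dump_session_safe(SAMPLE_SESSION, Path(tmp) / "safe.json")
        return audit_dump(naive), audit_dump(safe)
```

`demo()` returns the leaked keys for each file: the naive dump reports both credential fields, the hardened one reports none, while the tokens needed to resume the session are preserved in both.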

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 3 years ago

Closing this issue automatically because it has not had any activity since it has been marked as stale. If you think it is still relevant and should be addressed, feel free to open a new one.