Details
Type: Epic
Status: Closed
Priority: Normal
Resolution: Done
Transaction event redaction
Description
When Puppet is applying resources during catalog application, it logs a large amount of information about how the system was changed: what the original state of the resource was and what it was changed to. This is valuable for helping users understand what changes Puppet is enforcing and why those changes were made, but it is problematic when sensitive information is added to the mix. Puppet doesn't yet have a concept of sensitive information, so all resource changes are logged regardless of whether the logged information needs to be protected or redacted.
In order to mitigate the exposure of sensitive information that Puppet is already managing, we need to build a concept of sensitive information and use it to redact that information wherever possible. Our initial focus will be on the events that Puppet generates when synchronizing resource properties that carry sensitive information. Redacting these events will cut sensitive information out of the majority (but not necessarily all) of the Puppet runtime logs as well as the transaction report.
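As an added illustration (not Puppet's own code), a minimal sensitive-value wrapper and the redaction step for a property change event: the `Sensitive`, `Event` and `sync_event` names and the message format are assumptions for this example.

```ruby
# Added illustration (not Puppet's own code): a minimal "sensitive" wrapper and
# a transaction-event redaction step modelled on the behaviour described above.

# Marks a value as sensitive. Its string forms never reveal the value, so an
# accidental interpolation into a log line shows only the placeholder.
class Sensitive
  REDACTED = '[redacted]'.freeze
  def initialize(value)
    @value = value
  end
  # Explicit accessor: the only way to get the real value back.
  def unwrap
    @value
  end
  def to_s
    REDACTED
  end
  def inspect
    "Sensitive(#{REDACTED})"
  end
end

# A property change event: what the property was (previous) and what it was
# changed to (desired). Field names are assumptions for this example.
Event = Struct.new(:resource, :property, :previous, :desired, :redacted) do
  # The message that would go to the run log and the transaction report.
  def message
    from, to = redacted ? [Sensitive::REDACTED] * 2 : [previous.inspect, desired.inspect]
    "#{resource}: #{property} changed #{from} to #{to}"
  end
end

# Build the event for one property sync. If either side of the change is
# Sensitive, the raw values are dropped before the event can reach a log
# line or the report; the event keeps a flag so consumers know why.
def sync_event(resource, property, previous, desired)
  if [previous, desired].any? { |v| v.is_a?(Sensitive) }
    Event.new(resource, property, nil, nil, true)
  else
    Event.new(resource, property, previous, desired, false)
  end
end

# Constructed sample: a file whose mode (safe to log) and content (secret) change.
if __FILE__ == $PROGRAM_NAME
  puts sync_event('File[/etc/app.conf]', 'mode', '0644', '0600').message
  puts sync_event('File[/etc/app.conf]', 'content',
                  Sensitive.new('old-secret'), Sensitive.new('new-secret')).message
end
```

Because the redaction happens when the event is built, the raw values are absent from the event object itself, not merely hidden when it is formatted.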