Define a "redactable" trait, and use it when logging guard info
This provides a better solution for #627 (closed), and may be the basis of #556 (closed).
Concernts:
- I'm not sure I like how it looks next to our our
sensitive
APIs. - It does tend to require a bunch of intermediary implementations, whereas
sensitive
doesn't. - I still have the concerns from #627 (closed) that logging 2 bytes per guard may be too much under some circumstances.
- I'm not sure that the
debug
variant is necessary; maybe callingDebug
on aRedacted
should just call Display and wrap the result as an escaped string.
Assigning review to @Diziet based on earlier comments on #627 (closed), but I wouldn't mind feedback from eta too about design here.