
Redact Authorization header for --verbose logging to avoid credential leaks #49

Open
scothis opened this issue Jul 20, 2023 · 0 comments

Comments


scothis commented Jul 20, 2023

Is your feature request related to a problem? Please describe.

The --verbose flag prints details for HTTP requests made by the cli, including the Authorization header. This header contains credentials used to authorize the request. A malicious user who has access to the logs could use that credential to impersonate the original account.

This behavior is particularly problematic when the pivnet-cli is used in a CI environment that captures and persists logs, which are often visible to multiple individuals who are not authorized to have the credential.

Describe the solution you'd like

Auth credentials should never be logged in a way that can be observed by a third party and then reused maliciously. The content of the Authorization header should be redacted in the log output. In the case where the value is the JWT bearer token, the signature can be redacted so that the token is invalidated while the user can still inspect the header and payload content.

If and when logging the credential is desirable, the user should opt-in to that behavior with a setting that is clearly labeled as "unsafe" or "dangerous".

Describe alternatives you've considered

Many CI systems attempt to redact known credentials from the log; however, the tokens used by Pivnet to authorize requests are generated and not known to the CI system as a secret.

A user could manually apply a grep filter to remove this value, but that is a high burden to place on every pivnet-cli invocation. It is also fragile, as the format of the output may change, again exposing the credential.

Additional context

No response
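The redaction described in the request above, written out as an added Go example that is not part of pivnet-cli or this issue: a bearer JWT keeps its header and payload segments so the user can still inspect the claims, the signature is replaced so the logged value can no longer authenticate, any other scheme (Basic, opaque tokens) is redacted entirely, and an explicit `unsafe` flag is the opt-in that leaves credentials in the output. The function names, the `[REDACTED]` marker, and the sample token are assumptions made for this example; the token is a constructed placeholder, not a real credential.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// redactedSignature is the marker written in place of a removed secret.
// Assumed for this example; pivnet-cli defines no such constant.
const redactedSignature = "[REDACTED]"

// RedactAuthorization returns a log-safe copy of an Authorization header value.
// A bearer JWT (three dot-separated segments) keeps its header and payload so
// the claims remain inspectable, but the signature is replaced, which makes the
// logged token unusable. Any other scheme or value is replaced wholesale.
func RedactAuthorization(value string) string {
	if value == "" {
		return ""
	}
	scheme, rest, found := strings.Cut(value, " ")
	if found && strings.EqualFold(scheme, "Bearer") {
		parts := strings.Split(strings.TrimSpace(rest), ".")
		if len(parts) == 3 && parts[0] != "" && parts[1] != "" {
			return scheme + " " + parts[0] + "." + parts[1] + "." + redactedSignature
		}
	}
	// Basic auth, opaque bearer tokens, or anything unrecognised: drop it all.
	return redactedSignature
}

// RedactHeaders returns a copy of headers suitable for verbose logging.
// The original header map is left untouched so the real request still works.
// unsafe=true is the explicit, clearly named opt-in that logs credentials as-is.
func RedactHeaders(h http.Header, unsafe bool) http.Header {
	out := h.Clone()
	if unsafe {
		return out
	}
	for _, name := range []string{"Authorization", "Proxy-Authorization"} {
		vals := out.Values(name)
		if len(vals) == 0 {
			continue
		}
		redacted := make([]string, len(vals))
		for i, v := range vals {
			redacted[i] = RedactAuthorization(v)
		}
		out[http.CanonicalHeaderKey(name)] = redacted
	}
	return out
}

func main() {
	// Constructed sample: header {"alg":"HS256"}, payload {"sub":"demo"},
	// and a fake signature segment. Not a real token.
	h := http.Header{}
	h.Set("Authorization", "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.fakesignature")
	h.Set("Content-Type", "application/json")

	for name, vals := range RedactHeaders(h, false) {
		fmt.Printf("%s: %s\n", name, strings.Join(vals, ", "))
	}
}
```

Redacting on a cloned copy matters: verbose logging should never mutate the header map that the real request is about to send. Matching the scheme case-insensitively follows the HTTP auth-scheme grammar, and Proxy-Authorization is covered because it carries credentials the same way.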
