[azure-core] Authorization header should be un-redacted if using NetworkTraceLoggingPolicy

[kristapratico]

https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/core/azure-core/azure/core/pipeline/policies/_universal.py#L283-L284

Guideline: https://azure.github.io/azure-sdk/python_implementation.html#python-logging-debug

According to guidelines/docs, we should expect to see sensitive information logged if opting into this policy / setting level to DEBUG.

[lmazuel]

@johanste event the authorization token? I feel nervous about that?

[johanste]

The intent is for the network trace to help debug issues. I understand your concern. The problem is that they way the network tracing works, we will play whack-a-mole with sensitive information unless we use the same strategy as the "normal" info level log where we have an explicit allow-list.

We can continue with that effort, but at the end of the day, we are not making guarantees that no sensitive information is ever added to logs (i.e. in the request or response body). My concerns with this is that it sort-of-kind-of looks like we are trying to redact all sensitive information that will give developers a false sense of security.

Having said that, I don't have a strong opinion on this.

[xiangyan99]

#17271

[xiangyan99]

#17424

[xiangyan99]

Fixed.