fix: make trusted_domains and overwrite.cli.url sensitive config values

[jmechnich]

• Resolves: [Bug]: occ config:list system does not redact trusted_domains and overwrite.cli.url #45080

Summary

Add trusted_domains and overwrite.cli.url to the list of sensitive configuration parameters.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)

[nickvergessen]

I'm still against this. Especially if it will result in people asking for the uncensored report to find out about broken URLs.
The only way to convince me would be to add some sensitive check that shows whether the URLs are valid, overwrite.cli.url is within the array, contains the protocol and whether it contains a path

[jmechnich]

@nickvergessen
I can see why, from a developer’s perspective, it would be ideal to have as much information available as possible e.g. when a user opens a new issue.
However, from a user’s perspective, given that there is already a large amount of automation implemented in this process, it appears incomplete to me that I’d still have to go over the configuration dump and change those fields that at least I do not necessarily want to make public (the “principle of least astonishment” comes to mind too but that might be subjective).
If you feel that misconfigurations of one of those fields are a common source of error, you are probably right that there should be a check implemented for it, either on configuration load (so without explicit user interaction) or triggered explicitly by one of the occ *check commands, for example.
Thanks for discussing this!

[nickvergessen]

I'll add it on my todo for the next hackweek

[nickvergessen]

Draft at #45382