[Bug]: Add central secret redaction filter to FLUID logging

## Problem
Secret safety currently depends too much on logging discipline at individual call sites. A single careless `logger.debug(...)` with connection params, tokens, passwords, or key fragments could leak credentials into logs.

## What should be fixed
- Add a central `SecretRedactingFilter(logging.Filter)` under `fluid_build/observability/secret_redactor.py`.
- Redact common credential patterns such as `password=...`, `SNOWFLAKE_PASSWORD=...`, `private_key=...`, `oauth_token=...`, JWT-like tokens, `AWS_SECRET_ACCESS_KEY=...`, and GCP service-account JSON fragments.
- Attach the filter to the root FLUID logger at CLI startup.
- Cover both formatted-string and argument-based logging forms in tests.
- Add a small integration test that proves a deliberately leaky log message gets scrubbed.

## Why now
This is a defense-in-depth fix with a very favorable effort-to-risk-reduction ratio.

## Trello reference
https://trello.com/c/KlmJKEwb/47-p0-security-central-secret-redacting-log-filter

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Add central secret redaction filter to FLUID logging #47

Problem

What should be fixed

Why now

Trello reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug]: Add central secret redaction filter to FLUID logging #47

Description

Problem

What should be fixed

Why now

Trello reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions