Fixes an issue where the `/config` endpoint was inadvertently returning
DB passwords and other sensitive keys because the dict with sensitive
values stripped wasn’t used.

Also hides values for LMS client secrets and Airtable API keys for the
study module.