Wrap authentication calls in try catch to avoid leaking error #3903

Merged
merged 1 commit into from Dec 22, 2021

luos
Contributor

@luos luos commented Dec 16, 2021

Proposed Changes

Hi,

During a review we checked what could happen if the authentication fails with an exception. It is possible that because of a bug or some other issue (backend unavailable), authentication fails with an exception. This info is not displayed back to the user; however, it can leak credentials into logs.

We'd like to propose to either wrap the authentication calls with a try catch to throw away the Stacktrace, or to turn on the sensitive process flag.

Here, we prepared the Stacktrace pruning version.

Let us know what you think. I am happy to add a test as well, though it was unclear to me where it should go.

In my manual tests, before, the connection would fail with a TCP disconnect; now it fails with an authentication failure.

I do not think this is a breaking change.

This PR was created as part of a security audit made on behalf of LKAB.

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes issue #NNNN)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause an observable behavior change in existing systems)
  • Documentation improvements (corrections, new content, etc)
  • Cosmetic change (whitespace, formatting, etc)
  • Build system and/or CI

Checklist

Put an x in the boxes that apply.
You can also fill these out after creating the PR.
If you're unsure about any of them, don't hesitate to ask on the mailing list.
We're here to help!
This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING.md document
  • I have signed the CA (see https://cla.pivotal.io/sign/rabbitmq)
  • I have added tests that prove my fix is effective or that my feature works
  • All tests pass locally with my changes
  • If relevant, I have added necessary documentation to https://github.com/rabbitmq/rabbitmq-website
  • If relevant, I have added this change to the first version(s) in release-notes that I expect to introduce it

Further Comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc.
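
The stacktrace pruning proposed above, as an added Erlang example that is not part of the original comment and is not RabbitMQ's code: it shows how a `function_clause` stacktrace carries the password, and a wrapper that converts the failure into a refusal without it. The module, function and backend names and the sample credentials are hypothetical and constructed for illustration.

```erlang
%% Added illustration, not RabbitMQ code. All names are hypothetical.
-module(auth_wrap_example).
-export([demo/0, unsafe_login/3, safe_login/3]).

%% Constructed backend that fails the way a buggy backend might: it has
%% a single clause, so any other input raises function_clause, and the
%% top stacktrace frame then holds the actual call arguments.
backend_check(<<"guest">>, <<"guest">>) -> ok.

%% Unwrapped call: the exception propagates with its stacktrace. If the
%% calling process crashes, the crash report can include Password.
unsafe_login(Backend, User, Password) ->
    Backend(User, Password).

%% Wrapped call: catch every exception class, keep only the class and a
%% redacted reason, and report an ordinary authentication refusal.
safe_login(Backend, User, Password) ->
    try Backend(User, Password) of
        ok -> {ok, User}
    catch
        Class:Reason ->
            %% The stacktrace is deliberately neither bound nor logged.
            {refused, User, {backend_failed, Class, redact(Reason)}}
    end.

%% Reasons such as {badmatch, Value} can embed data too: keep the tag only.
redact(Reason) when is_atom(Reason) -> Reason;
redact(Reason) when is_tuple(Reason), tuple_size(Reason) > 0,
                    is_atom(element(1, Reason)) -> element(1, Reason);
redact(_) -> unknown.

demo() ->
    Backend = fun backend_check/2,
    Secret = <<"s3cret-constructed">>,          % constructed sample value
    Stack = try unsafe_login(Backend, <<"alice">>, Secret)
            catch error:function_clause:S -> S end,
    %% Top frame is {Module, Function, Args, Location}; Args has the secret.
    [{_, backend_check, Args, _} | _] = Stack,
    true = lists:member(Secret, Args),
    %% The wrapped call returns a refusal that contains no credentials.
    {refused, <<"alice">>, {backend_failed, error, function_clause}} =
        safe_login(Backend, <<"alice">>, Secret),
    ok.
```

Compile with `erlc auth_wrap_example.erl` and call `auth_wrap_example:demo().` in an Erlang shell (OTP 21 or later for the `Class:Reason:Stack` syntax); it returns `ok` when both behaviours hold.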

@michaelklishin
Member

@luos please rebase this on top of master.

Member

@michaelklishin michaelklishin left a comment

This PR is 38 commits behind master now and I think that's why it runs into Bazel failures on CI.

@luos luos force-pushed the wrap_auth_calls_in_try_catch branch from 4e1b3be to ebc2b56 Compare December 20, 2021 08:44
@luos
Contributor Author

luos commented Dec 20, 2021

Thank you for checking it, I just rebased it on top of master.

@lukebakken
Collaborator

Hopefully CI will pass 🤞

@michaelklishin michaelklishin merged commit 3fe9112 into rabbitmq:master Dec 22, 2021
@michaelklishin
Member

Backported to v3.9.x manually.
