Provide custom destructuring for requests and responses
Closed this issue · 1 comments
When logging (and destructuring) requests and responses, PII and security-relevant information is also logged, especially access tokens in headers or values in query strings that might contain PII.
We need to provide special destructuring classes that will replace the values of the Authorize header and the values of the query parameters with asterisks.
Hiding PII should be the default, but there should be an option to enable PII logging, just like it is possible in EF Core (parameter values).
This should be part of the integration code. We use Serilog in our sample and could hide this kind of information. But as this is only a sample, no PII should be transferred over it. Otherwise we must create another project (to not have a hard dependency in the major code) and implement it there.
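
The redaction discussed in this issue, as an added example that is not the project's own code: a Serilog `IDestructuringPolicy` that masks the value of the HTTP `Authorization` header and every query-string value by default, with an explicit opt-in for PII. The class name `RedactingRequestPolicy`, the `logPii` flag and the choice of `HttpRequestMessage` as the request type are assumptions.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using Serilog.Core;
using Serilog.Events;

// Hypothetical policy; HttpRequestMessage stands in for the library's request type.
public sealed class RedactingRequestPolicy : IDestructuringPolicy
{
    private const string Mask = "***";
    private readonly bool _logPii;

    // PII stays hidden unless the caller opts in explicitly.
    public RedactingRequestPolicy(bool logPii = false) => _logPii = logPii;

    public bool TryDestructure(object value, ILogEventPropertyValueFactory factory,
                               out LogEventPropertyValue result)
    {
        result = null;
        if (!(value is HttpRequestMessage request)) return false; // other types: default handling

        // Header names are kept so the log stays useful; only secret values are masked.
        var headers = request.Headers.Select(h => new LogEventProperty(
            h.Key,
            new ScalarValue(IsSecret(h.Key) ? Mask : string.Join(", ", h.Value))));

        result = new StructureValue(new[]
        {
            new LogEventProperty("Method", new ScalarValue(request.Method.Method)),
            new LogEventProperty("Uri", new ScalarValue(_logPii ? request.RequestUri?.ToString() : MaskQuery(request.RequestUri))),
            new LogEventProperty("Headers", new StructureValue(headers)),
        });
        return true;
    }

    private bool IsSecret(string header) => !_logPii && header.Equals("Authorization", StringComparison.OrdinalIgnoreCase);

    // Keeps parameter names, replaces every value with the mask, drops any fragment.
    private static string MaskQuery(Uri uri)
    {
        if (uri == null) return null;
        var text = uri.OriginalString.Split('#')[0];
        var q = text.IndexOf('?');
        if (q < 0) return text;
        var masked = text.Substring(q + 1).Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
                         .Select(p => p.Split('=')[0] + "=" + Mask);
        return text.Substring(0, q + 1) + string.Join("&", masked);
    }
}
```

Register it with `new LoggerConfiguration().Destructure.With(new RedactingRequestPolicy())` and log the request with the `{@Request}` destructuring operator; a request to `https://api.example.test/users?email=a@b.c` (constructed) is then logged with the URI `https://api.example.test/users?email=***`.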