zendesk/samson

Mask secrets in logs


There is always a risk of leaking secrets to logs. It'd be cool if Samson could censor logs where secrets appear, to prevent accidental leakage, as well as flag those instances for further review.

Ideally it would do that check before printing each line too?
Then should also do it for the consolidated log once the deploy is finished.
It would check all used secrets values against the log.

I'm a little worried that this will get expensive, but maybe it's not too bad.
Another issue would be that the flow of the deploy needs to change, since we then cannot simply replace the secrets but have to keep track of them (env used + commands used).

/cc @zendesk/bre
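
An added sketch of the check discussed in this thread: it is not part of the issue and not Samson's code. It masks known secret values in streamed output before each chunk is printed, counts hits per secret so they can be flagged for review, and holds back a short tail so that a secret split across two chunks is still caught. `SecretMasker` and its methods are hypothetical names, and all secret names and values used with it are constructed.

```ruby
# Added example (not Samson code): mask known secret values in streamed
# deploy output and count each hit so it can be flagged for review.
class SecretMasker
  MASK = "[MASKED]"
  MIN_LENGTH = 4 # assumption: shorter values would mask unrelated text

  attr_reader :hits # secret name => number of masked occurrences

  # secrets: hash of name => string value, e.g. those resolved for a deploy
  def initialize(secrets)
    usable = secrets.select { |_, value| value.to_s.size >= MIN_LENGTH }
    @names = usable.invert
    # Longest first, so a secret that contains another is matched whole.
    values = @names.keys.sort_by { |value| -value.size }
    # One combined pattern: each chunk is scanned once, not once per secret.
    @pattern = Regexp.union(values)
    # A secret cut off at the end of a chunk is at most this long.
    @keep = [values.map(&:size).max.to_i - 1, 0].max
    @buffer = +""
    @hits = Hash.new(0)
  end

  # Accepts one chunk of output, returns the part that is safe to print now.
  def write(chunk)
    @buffer << chunk
    cut = [@buffer.size - @keep, 0].max
    # Never cut through a complete match that straddles the boundary.
    @buffer.scan(@pattern) do
      match = Regexp.last_match
      cut = match.end(0) if match.begin(0) < cut && match.end(0) > cut
    end
    mask(@buffer.slice!(0, cut))
  end

  # Call when the deploy ends to release the held-back tail.
  def finish
    mask(@buffer.slice!(0, @buffer.size))
  end

  private

  def mask(text)
    text.gsub(@pattern) do |value|
      @hits[@names[value]] += 1
      MASK
    end
  end
end
```

The memory cost is bounded by the longest secret plus one chunk, and `hits` gives the per-secret counts to review once the deploy has finished.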