Check our parameter sanitisation and filtering for logging & sentry

[lukeify]

We have these lines of code in our backend_base variant:

rails-template/variants/backend-base/config/template.rb

Lines 20 to 22 in 89c633c

	gsub_file "config/initializers/filter_parameter_logging.rb", /\[:password\]/ do
	"%w[password secret session cookie csrf]"
	end

These have not been touched in several years and now differs from what Rails provides. We should re-establish what our baseline is here compared to vanilla Rails. Some questions:

• How many of our filter_parameters are valid in 2024?
• How many of our filter_parameters are devise-related?
• Do we want to append to the existing Rails configuration instead of performing a gsub?
• What is the intent behind the ssn in the Rails vanilla config? (Social Security Number?)
• Does Sentry look at this file to determine its own parameter filtering?
  • If no, should we align our Sentry and logging parameterization filtering?

[G-Rath]

This is what I currently have locally to address this:

gsub_file "config/initializers/filter_parameter_logging.rb", /\+= \[\n/ do
  "+= [:password, :secret, :session, :cookie, :csrf,\n"
end

[eoinkelly]

Since our recent Rails 7.1 and 7.2 upgrades, we add 3 parameters:

rails-template/variants/backend-base/config/template.rb

Lines 19 to 21 in ae1962d

	gsub_file! "config/initializers/filter_parameter_logging.rb",
	/:ssn/,
	":ssn, :session, :cookie, :csrf"

I assume :ssn is the American Social Security Number.

I'm not sure what purpose our additions serve in 2024. Please add a comment if you have a use-case for them. I think we should 1) remove any we can't make a case for and 2) document those we can.