Mask URL credentials in the build log

[alewmf]

This PR allows credentials in URLs written to the build log by the Git CLI client to be masked. The JGit client is not affected. The functionality is controlled by a system property, org.jenkinsci.plugins.gitclient.CliGitAPIImpl.maskUrlCredentials, and is disabled by default. When enabled, the first occurrence of a URL with credentials will have the credentials replaced by xxxxx before being written to the build log. URLs that appear in error messages are not masked to aid in pipeline troubleshooting.

For example, a URL of https://foo:[email protected]/git/my-repo.git will be written to the build log as https://[email protected]/git/my-repo.git.

Testing done

Unit tests were added to cover new and modified code, confirmed by the Jacoco report.
The change was manually tested using a pipeline that:

• has a password parameter, used in the URL for SCM operations
• retrieves a Jenkinsfile from SCM
• performs a declarative checkout
• retrieves a shared library

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue