forked from osism/zuul-config
We need to check whether logs contain sensitive information before we upload them to the storage. One potential idea would be to use trivy with the following trivy-secret.yaml:

```yaml
rules:
  - id: openstack-application-credential
    category: OpenStack
    title: Application Credential
    severity: CRITICAL
    keywords:
      - application_credential_secret
    regex: (?i)['"]?application_credential_secret['"]?\s*(=|:)\s*['"]?(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?
    secret-group-name: secret
  - id: password-credential
    category: General
    title: Password
    severity: CRITICAL
    keywords:
      - password
    regex: (?i)['"]?password['"]?\s*(=|:)\s*['"]?(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?
    secret-group-name: secret
  - id: auth
    category: General
    title: HTTP Authorization
    severity: CRITICAL
    keywords:
      - Authorization
    regex: (?i)authorization:\s*['"]?(?P<type>\w+)\s(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?
    secret-group-name: secret
```
Unfortunately it only reports findings with suggestions for how to replace the line, but does not do the replacing itself.

Maybe there are other tools out there, but we definitely need to be able to tune what to check (since e.g. application_credentials are pretty unique to OpenStack).
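As an added example (not part of this issue or the osism project), the redaction step the issue says trivy does not perform: the three rule regexes from the trivy-secret.yaml above are applied to constructed log lines, and only the captured `secret` group is replaced so the surrounding key and token type stay readable while a per-rule finding count is kept.

```python
import re

# The regexes from the trivy-secret.yaml rules above; Python accepts the same
# (?P<name>...) named-group syntax as trivy's Go regex engine.
RULES = {
    "openstack-application-credential":
        r"""(?i)['"]?application_credential_secret['"]?\s*(=|:)\s*['"]?(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?""",
    "password-credential":
        r"""(?i)['"]?password['"]?\s*(=|:)\s*['"]?(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?""",
    "auth":
        r"""(?i)authorization:\s*['"]?(?P<type>\w+)\s(?P<secret>[0-9a-zA-Z\-_=]{8,90})['"]?""",
}
COMPILED = {rule_id: re.compile(pattern) for rule_id, pattern in RULES.items()}

def redact_line(line: str, marker: str = "***REDACTED***"):
    """Return (redacted_line, [matched rule ids]).

    Only the span of the named 'secret' group is replaced, so the key,
    the Authorization type and the quoting survive for debugging context."""
    hits = []
    for rule_id, rx in COMPILED.items():
        def _sub(m, rule_id=rule_id):
            hits.append(rule_id)
            start, end = m.span("secret")
            whole = m.group(0)
            return whole[: start - m.start()] + marker + whole[end - m.start():]
        line = rx.sub(_sub, line)
    return line, hits

def redact_log(text: str):
    """Redact every line of a log; return the cleaned text and a count per rule."""
    out, counts = [], {}
    for line in text.splitlines():
        cleaned, hits = redact_line(line)
        out.append(cleaned)
        for rule_id in hits:
            counts[rule_id] = counts.get(rule_id, 0) + 1
    return "\n".join(out), counts

# Constructed sample log lines (not real credentials) covering all three rules.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z INFO openstack auth: application_credential_secret = "aB3dE5fG7hJ9kL1mN0pQ"
2024-01-01T10:00:01Z DEBUG curl -H 'Authorization: Bearer gAAAAABk9xyz_Token-Value=='
2024-01-01T10:00:02Z INFO keystone password: 'Sup3rSecretPass'
2024-01-01T10:00:03Z INFO nothing sensitive here
"""

if __name__ == "__main__":
    cleaned, counts = redact_log(SAMPLE_LOG)
    print(cleaned)
    print(counts)
```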