x-pack/filebeat/input/cel: allow users to redact state fields in logs

[efd6]

What does this PR do?

This add logic, configuration and documentation for redacting parts of pre- and post-processing CEL state when logging state to debug logs. The configuration allows users to specify fields that should not be entered into logs and whether these fields should be masked or deleted from the logged object.

Why is it important?

Leaking secrets to debug logs is a significant attack surface.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-01-27T09:54:17.812+0000

• Duration: 75 min 32 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2547
Skipped	172
Total	2719

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

The golangci-lint action is wrong with its complaint.

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b cel/redact upstream/cel/redact
git merge upstream/main
git push upstream cel/redact

[efd6]

/test

[efd6]

/test

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b cel/redact upstream/cel/redact
git merge upstream/main
git push upstream cel/redact

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b cel/redact upstream/cel/redact
git merge upstream/main
git push upstream cel/redact

[andrewkroh]

LGTM

[andrewkroh]

If you wanted the data to remain in a structured format and do it lazily you could implement https://pkg.go.dev/go.uber.org/zap@v1.24.0/zapcore#ObjectMarshalerFunc.MarshalLogObject. I don't have any preference.

[efd6]

The recommended approach for doing that does not really simplify things from what I can see. This is from zap issue 750.