Remove potentially sensitive data from URLs in HTTP integration

[mydea]

Currently, the integration for outgoing HTTP requests creates span with the URL of the outgoing request as part of the span description.
However, the URL can contain senstive data - think GET /api?accessToken=XXX.

As a first step, we should strip out any query param values from there, in order to avoid sending sensitive data.

This happens both in the node SDK's HTTP integration, as well as in the browser tracing integration for fetch/xhr.

ref getsentry/develop#760

[github-actions]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀