Template: Added a sha256 template function for obfuscating / anonymize PII data in e.g. the replace stage

[wardbekker]

What this PR does / why we need it:

The replace pipeline stage allows the replacement of PII values, but no obfuscating/anonymization like https://github.com/y-ken/fluent-plugin-anonymizer. By calculating the hash of a known value, you retain the possibility to query on the hashed value, so no data is lost.

See this example where typical PII data like email and SSN are replaced with a hashed value

Special notes for your reviewer:

Checklist

• Documentation added
• Tests updated

[codecov-commenter]

Codecov Report

Merging #2422 into master will decrease coverage by 0.00%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #2422      +/-   ##
==========================================
- Coverage   61.64%   61.64%   -0.01%     
==========================================
  Files         160      160              
  Lines       13597    13601       +4     
==========================================
+ Hits         8382     8384       +2     
- Misses       4593     4594       +1     
- Partials      622      623       +1     

Impacted Files	Coverage Δ
pkg/logentry/stages/template.go	82.75% <100.00%> (+1.27%)	⬆️
pkg/promtail/targets/file/tailer.go	76.13% <0.00%> (-2.28%)	⬇️

[adityacs]

It would be good to have an example of this in replace.md as well.

[wardbekker]

Added!

[adityacs]

👍

[cyriltovena]

Lgtm

I’d prefer the static function over the hasher.

[cyriltovena]

I think this will be better https://golang.org/pkg/crypto/sha256/#Sum256 since you don’t reuse the hasher.

The reason is shorter code but also less heap allocation for high volume.

[wardbekker]

agreed. changed!

[owen-d]

I like this, but it'd be cool if it was multi-arity. For instance, supporting | Sha256 and | Sha256 "salt".

I can followup this PR with this change myself.