We should redact the Application Service access tokens from DEBUG logging produced by `synapse.http.proxyagent`

[reivilibre]

The Application Services spec requires an access_token URL parameter for authorisation.

Setting a DEBUG log level means that synapse.http.proxyagent will log these access tokens in the URLs that it logs (possibly only if a HTTP proxy is in use?).

It would be nice if they were redacted so that it's one less thing to trip homeserver admins up on when sharing debug logs for diagnosing issues.
I think we do something similar for incoming Client-Server API requests already.

[richvdh]

or we should just stop putting access tokens in query params, because that is a terrible idea.

matrix-org/matrix-spec#923

[richvdh]

(if it wasn't for the forthcoming OAuth2 work, I'd already have gone postal and ripped out support for access tokens in query-params in C-S APIs. I'm not keen on adding more fudges to work around this particular bit of idiocy.)

[reivilibre]

Ooh yes there's an MSC: matrix-org/matrix-spec-proposals#2832