
Improve configuration censorship in the default development error page

Open whosgonna opened this issue 8 years ago • 1 comment

Allow modules to add specific configuration keys to be censored, as suggested by @racke on this issue from Dancer2::Plugin::Auth::Extensible::Provider::LDAP, where the LDAP account bind password is displayed in the configuration file dump on an error.

whosgonna avatar Sep 16 '17 08:09 whosgonna

I'd like to revisit this, if possible. I wrote a small patch that would allow a config parameter of config_censor that could take an array ref of additional key names for which the value would be censored. For example, the aforementioned bindpw in D2PAE::LDAP is currently uncensored. With the patch, the following could be added to the Dancer2 config file, so that any key of bindpw and auth_key would be redacted when dumping the config in the error message:

config_censor:
    - bindpw
    - auth_key

It's probably still a good idea to have a way that modules can indicate keys to be redacted as well, but there is always potential for non-module credentials to be passed into config for a variety of reasons, so manually indicating what should be redacted like this is probably a good idea anyhow.

Note that this DOES keep the current builtin list of patterns to exclude, /(pass|card?num|pan|secret)/i. The arrayref is just additional keys to redact.

whosgonna avatar Aug 29 '20 21:08 whosgonna
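The behaviour proposed in the comment above, as an added illustration that is not Dancer2's own code: a recursive walk over the config that redacts any value whose key matches the existing builtin pattern or appears in a config_censor list. The function name censor_config, the '[REDACTED]' placeholder and the sample config are constructed for this example.

```perl
use strict;
use warnings;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;

# Builtin pattern quoted in the issue; the extra list is the proposed config_censor.
my $BUILTIN = qr/(pass|card?num|pan|secret)/i;

# Recursively replace values whose key matches $BUILTIN or is listed in $extra.
sub censor_config {
    my ($node, $extra) = @_;
    my %extra = map { $_ => 1 } @{ $extra || [] };
    my $walk;
    $walk = sub {
        my ($n) = @_;
        if (ref $n eq 'HASH') {
            for my $key (keys %$n) {
                if ($key =~ $BUILTIN || $extra{$key}) {
                    $n->{$key} = '[REDACTED]';   # placeholder chosen for this example
                }
                else { $walk->($n->{$key}) }    # descend into nested structures
            }
        }
        elsif (ref $n eq 'ARRAY') {
            $walk->($_) for @$n;
        }
    };
    $walk->($node);
    return $node;
}

# Constructed sample config, modelled on the LDAP bindpw case from the issue.
# 'bindpw' and 'auth_key' do not match the builtin pattern; 'password' does.
my %config = (
    config_censor => [ 'bindpw', 'auth_key' ],
    plugins => { 'Auth::Extensible' => { realms => { ldap => {
        provider => 'LDAP', host => 'ldap.example.com',
        binddn   => 'cn=app,dc=example,dc=com',
        bindpw   => 'constructed-bind-password',
    } } } },
    database => { dsn => 'dbi:SQLite:app.db', password => 'constructed-db-password' },
    api      => { auth_key => 'constructed-api-key', timeout => 30 },
);

# Pass the list from the config itself, as the patch proposes.
print Dumper( censor_config( \%config, $config{config_censor} ) );
```

In the dumped output bindpw, auth_key and password are all replaced, while binddn, host and dsn remain visible.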