JSON report improvements - mask sensitive headers and payload nodes

[ptrthomas]

split #397 as it was half-complete

quoting:

• maskRequestHeaders: ['Authorization', 'SomeOtherSecretHeader'] - header will still be shown but the content replaced with ***
• maskResponseHeaders - like above
• maskRequestPaths: ['$.password', '$..ssnId'] - this will replace the payload values with ***
• maskResponsePaths - like above

[ptrthomas]

re-evaluating - there are some concerns. we can never have a foolproof way to mask sensitive info, especially if a bug or user-error emits info in a log or stack-trace.

potentially the project will be blamed if this results in a security breach somewhere.

with #450 we can switch off html report log / steps.

community contribution may help, but closing for now.