log densensitation in tiflash

[JaySon-Huang]

Feature Request

Is your feature request related to a problem? Please describe:

Describe the feature you'd like:

In #1277, we introduce security.redact_info_log to replace the rowkey by ? in the tiflash logging.

TiDB introduce a "marker" mode for redact pingcap/tidb#51306 since v8.1

Mark sensitive data with ‹..›. when security.redact_info_log=marker. Note that ‹ is not "less" < but U+2039. If the raw data contains ‹, ‹ will be escaped to ‹‹, similar to ›. This is a new feature:

1. TiFlash will produce logs with sensitive data marked with ‹..›
2. Cloud or OP users could desensitive logs on their own by tidb-server sub commands or whatever.

It is basically because that users want the original log, and we (primarily tech supports) should only see desensitived logs.

Describe alternatives you've considered:

Teachability, Documentation, Adoption, Migration Strategy:

[JaySon-Huang]

• client-c: security: Add "marker" mode for log densensitation tikv/client-c#184
• tiflash: security: Add "marker" mode for log densensitation #9136
• docs update:
  • tiflash: Add "marker" for security.redact_info_log in tiflash.toml docs-cn#17627
  • tiflash: Add "marker" for security.redact_info_log in tiflash.toml docs#17875
  • Update the log redaction documentation docs-cn#17835
• TiFlash-proxy adopt the "marker" from tikv update proxy of master to raftstore-proxy #9236