Don't log API key

[jborrey]

This PR was a good start but there was more.

Used to find where more changes were needed

~/src/bugsnag-ruby (master)$ grep -r "#{api_key}" .
./lib/bugsnag/notification.rb:        Bugsnag.warn "Your API key (#{api_key}) is not valid, couldn't notify"
./lib/bugsnag/notification.rb:        Bugsnag.log("Notifying #{endpoint} of #{@exceptions.last.class} from api_key #{api_key}")

Should not log API key since logs are not necessarily kept as secret a
environment variables. The log steam should be keeping track of which
service/box is doing the logging in order to identify which client of
the API is having issues.

Result of running spec:

Finished in 3.78 seconds (files took 0.86747 seconds to load)
130 examples, 0 failures

[kattrali]

Thank you for the contribution, @jborrey. Taking a look.

[kattrali]

This instance should probably stay; since the API key does not match the required format, its useful to compare the logged output to your actual key to correct typos. There is no data exposure for logging an incorrect key.

[jborrey]

Do you think that it is still a dangerous log line, say if someone accidentally set the Bugsnag API key to another API key or malformed API key?
Would the message not give enough information without logging the API key?

If not, I'll not remove this log line but would prefer to.

[kattrali]

It's not dangerous at all to keep it logged, really. The API key cannot be used to access your data in any way. It does seem excessive however that it is logged everywhere always.

[jborrey]

@kattrali Updated so it only removes on instance of the API key logging.

[kattrali]

Thanks! Releasing this in a patch shortly.