We found out, by accident, that setting the Logger of gorm to the "wrong" level (or any level besides SILENT) can lead to critical privacy issues.
This can lead to big issues, e.g. when you need to be compliant with GDPR, but also in general, because GORM will log potentially sensitive data as soon as logging is enabled at all.
Maybe it is only in combination with the SlowThreshold, but I am not sure.
The documentation (https://gorm.io/docs/logger.html) is very limited and does not say anything about what happens when I set the logging level to e.g. "WARN" or one of the other levels besides "SILENT". It should be clearer that in that case queries will ALWAYS be logged in clear text, containing the full query without parameters or the like.
I propose the following solution(s):
By default only log parameterized SQL statements without any data / value
Add another property to the logger that controls whether SQL statements should be logged in raw format (default: false)
Extend the documentation to be more clear about the consequences when using the logger
I would love to discuss this.
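The privacy risk described in this issue is that GORM's Trace output contains the fully interpolated statement, so every value bound to the query (e-mail addresses, names, phone numbers) lands in the log. The block below is an added, stand-alone example that is not part of this issue or of GORM itself: it mirrors the shape of GORM's Trace callback (a `fc` function returning the SQL and the affected row count) without importing gorm, and redacts literal values back to `?` before the line is written. The `traceRedacted` and `redactSQL` names, and the sample SQL, are constructed for this example; the literal-matching regexps are a deliberately crude approximation and also mask numeric limits, which is acceptable for a log line.

```go
package main

import (
	"fmt"
	"log"
	"regexp"
	"time"
)

// Order matters: string literals are masked first so that digits inside
// quotes (e.g. '555-0100' or '2024-01-01') are never reached by the number
// pattern. The string pattern also swallows the SQL '' escape.
var (
	reString = regexp.MustCompile(`'(?:[^']|'')*'`)
	reNumber = regexp.MustCompile(`\b\d+(?:\.\d+)?\b`)
)

// redactSQL turns an already-interpolated statement back into a
// parameterized-looking one: the query shape stays, the data does not.
func redactSQL(sql string) string {
	out := reString.ReplaceAllString(sql, "?")
	return reNumber.ReplaceAllString(out, "?")
}

// traceRedacted is a hypothetical stand-in for a logger Trace method.
// fc returns the statement and row count exactly as GORM would hand them
// to a logger; only the redacted form is ever put into the log line.
func traceRedacted(begin time.Time, slow time.Duration, fc func() (string, int64), err error) string {
	sql, rows := fc()
	elapsed := time.Since(begin)
	line := fmt.Sprintf("[%.3fms] [rows:%d] %s",
		float64(elapsed.Nanoseconds())/1e6, rows, redactSQL(sql))
	switch {
	case err != nil:
		return "ERROR " + err.Error() + " " + line
	case elapsed > slow:
		return "SLOW " + line
	}
	return line
}

func main() {
	// Constructed sample: what GORM would pass to Trace after interpolation.
	fc := func() (string, int64) {
		return "SELECT * FROM users WHERE email = 'alice@example.com' AND age > 30", 1
	}
	log.Println(traceRedacted(time.Now(), 200*time.Millisecond, fc, nil))
}
```

Current GORM releases expose a `ParameterizedQueries` option on `logger.Config` that keeps the `?` placeholders in the log instead of the interpolated values; the redaction above is a fallback for a custom logger or for older versions.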