fix(inputs.postgres*)!: Prevent leaking sensitive data in server tag #14829
I am the person who originally reported this issue. I didn't look closely at the updated implementation, but glancing through the new test cases, it makes sense to me and seems to be working.
I am of course wary when we make these larger changes to fix an issue. Can you please add a note to the change log about this change as it is breaking tags for some small percentage of users.
I would also like to land this in 1.30 and not 1.29.5. Agreed?
I think the PR looks fine overall. I didn't desk check the sanitizer but the existing tests show it is working better. Marking as 'request changes' since I'd like to see even more tests for this (there is an opportunity to refactor to make that better as well as a question on zero-ing out addr).
c24328a to 432a855
@jdstrand I hopefully addressed your comments. If I got things wrong, please let me know!
@jdstrand I don't think using the temporary string is a problem, so let's try as-is.
Summary
The current implementation of SanitizedAddress() does not handle quoted parameter values containing spaces or equal signs (e.g. host=localhost user=john password='a secret=good'). Additionally to those issues, the parsing of URI connection strings is completely broken for spaces and equal signs as values containing those need to be single-quoted which does not happen. Furthermore, that function escapes "special characters" (space, backslash and single-quote) which subsequently breaks the sanitize function.

This PR adds unit-tests for both of the mentioned functions. It also removes the useless escaping of spaces during URI handling and replaces this part by quoting the value. Finally, the PR improves the regular-expression used to remove sensitive data to correctly handle quoted values, equal-signs and other corner cases.
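The failure mode described in the summary, as an added example that is not Telegraf's code or part of this PR: a whitespace-delimited pattern leaks the tail of a quoted password, while a quote-aware pattern removes the whole value. The key list, function names and sample strings are assumptions constructed for illustration, and the input is assumed to be a well-formed keyword/value connection string.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Keys treated as sensitive here are an assumption for this example.
const sensitiveKeys = `password|sslkey`

// naiveRe assumes a value always ends at the first whitespace character.
var naiveRe = regexp.MustCompile(`(?:^|\s)(?:` + sensitiveKeys + `)=\S*`)

// quotedRe accepts optional spaces around '=', then either a single-quoted
// value (with backslash escapes) or an unquoted value (with backslash escapes).
// The quoted alternative is listed first so it wins when a value starts with '.
var quotedRe = regexp.MustCompile(
	`(?:^|\s)(?:` + sensitiveKeys + `)\s*=\s*(?:'(?:[^'\\]|\\.)*'|(?:[^\s\\]|\\.)*)`)

// sanitizeNaive removes sensitive settings using the whitespace-delimited pattern.
func sanitizeNaive(dsn string) string {
	return strings.TrimSpace(naiveRe.ReplaceAllString(dsn, ""))
}

// sanitizeQuoted removes sensitive settings using the quote-aware pattern.
func sanitizeQuoted(dsn string) string {
	return strings.TrimSpace(quotedRe.ReplaceAllString(dsn, ""))
}

func main() {
	// Constructed sample input in the form shown in the PR summary.
	dsn := `host=localhost user=john password='a secret=good'`
	fmt.Printf("naive:  %q\n", sanitizeNaive(dsn))  // part of the secret survives
	fmt.Printf("quoted: %q\n", sanitizeQuoted(dsn)) // whole value removed
}
```

A value with an unterminated quote falls through to the unquoted branch and is cut at the first space, so a sanitizer used for tags or logs should be tested against malformed input as well.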