Remove sensitive information from debug log

Config.toString() method is dumped when logging in debug the conf.
It includes in some case the profile api key when used with env vars.
Also proxy password is also dumped.
toString method generated by Lombok now excludes both fields

dd-trace-api/src/main/java/datadog/trace/api/Config.java

@@ -38,7 +38,7 @@ import lombok.extern.slf4j.Slf4j;
  * system property, but uppercased with '.' -> '_'.
  */
 @Slf4j
-@ToString(includeFieldNames = true)
+@ToString(includeFieldNames = true, exclude = {"profilingApiKey", "profilingProxyPassword"})
 public class Config {
   /** Config keys below */
   private static final String PREFIX = "dd.";

dd-trace-api/src/test/groovy/datadog/trace/api/ConfigTest.groovy

@@ -406,6 +406,19 @@ class ConfigTest extends DDSpecification {
     config.profilingApiKey == "test-api-key"
   }
 
+  def "sensitive information removed for toString/debug log"() {
+    setup:
+    environmentVariables.set(DD_PROFILING_API_KEY_ENV, "test-secret-api-key")
+    environmentVariables.set(PROFILING_PROXY_PASSWORD, "test-secret-proxy-password")
+
+    when:
+    def config = new Config()
+
+    then:
+    !config.toString().contains("test-secret-api-key")
+    !config.toString().contains("test-secret-proxy-password")
+  }
+
   def "sys props override env vars"() {
     setup:
     environmentVariables.set(DD_SERVICE_NAME_ENV, "still something else")