Strip personally identifiable information from user table for unauthorized users.

- add a config option to explicitly enumerate pii fields beyond email
- in query controller, strip pii of user table results before sending out the door.

src/cli/definitions/parse-server.js

@@ -160,6 +160,10 @@ export default {
     help: "Max file size for uploads.",
     default: "20mb"
   },
+  "userSensitiveFields": {
+    help: "Personally identifiable information fields in the user table the should be removed for non-authorized users.",
+    default: "email"
+  },
   "sessionLength": {
     env: "PARSE_SERVER_SESSION_LENGTH",
     help: "Session duration, defaults to 1 year",