Move password masking out of logging clients where possible (#2762)

Move password masking functionality into LoggerController.

The is a more aggresive approach to masking password string in the logs.

Cleaning the url is still in the PromiseRouter because picking it out of the log string
would be fragile.

This will cause more log messages to be scanned for password strings, and may cause a password
string to be obsfucated that is not neccesarily part of parse internals -- but i think that is
still a good thing....

see: #2755 & #2680

spec/WinstonLoggerAdapter.spec.js

@@ -97,20 +97,4 @@ describe('verbose logs', () => {
       done();
     })
   });
-
-  it("should not mask information in non _User class", (done) => {
-    let obj = new Parse.Object('users');
-    obj.set('password', 'pw');
-    obj.save().then(() => {
-      let winstonLoggerAdapter = new WinstonLoggerAdapter();
-      return winstonLoggerAdapter.query({
-        from: new Date(Date.now() - 500),
-        size: 100,
-        level: 'verbose'
-      });
-    }).then((results) => {
-      expect(results[1].body.password).toEqual("pw");
-      done();
-    });
-  });
 });