
New license key obfuscation algorithm #2864

Merged: jtduffy merged 4 commits into main from lic-key-obfuscation on May 5, 2026

Contributor

@jtduffy jtduffy commented May 1, 2026

Resolves #2861, #2813

Updates the license key obfuscation rules based on the updated spec.

Addresses edge case where license key can be exposed if it's changed while the agent is running.

Keys will now show up as follows with audit_mode on:

Connect: https://staging-collector.newrelic.com:443/agent_listener/invoke_raw_method?method=preconnect&license_key=0000000000******************************&marshal_format=json&protocol_version=17

Config payload: "license_key":"0000000000******************************"


codecov-commenter commented May 1, 2026

Codecov Report

❌ Patch coverage is 82.35294% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.64%. Comparing base (26a9d2f) to head (49489b3).
⚠️ Report is 7 commits behind head on main.

Files with missing lines Patch % Lines
...n/java/com/newrelic/agent/util/LicenseKeyUtil.java 82.35% 1 Missing and 2 partials ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main    #2864      +/-   ##
============================================
- Coverage     70.64%   70.64%   -0.01%     
- Complexity    10634    10637       +3     
============================================
  Files           881      881              
  Lines         42932    42945      +13     
  Branches       6497     6500       +3     
============================================
+ Hits          30330    30338       +8     
- Misses         9674     9676       +2     
- Partials       2928     2931       +3     


@@ -32,7 +37,40 @@ public static String obfuscateLicenseKey(String originalString) {
Agent.LOG.finest("Unable to obfuscate a null license_key.");
return originalString;
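
Review bot: `return originalString;` in this null branch fails open: the caller gets the input back unredacted, so any license_key value still embedded in it reaches the log in clear. The guard that leads here is not visible in this context, but if it tests anything other than `originalString` itself, mask by pattern on the input or return a fixed placeholder instead of handing back the original.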
Contributor


In the extremely weird edge case where the user deletes their license key from config after startup, the original key is still logged.

String actualJsonPayload = LicenseKeyUtil.obfuscateLicenseKey(originalJsonPayload);

// Then
String expectedRequestUrl = "https://staging-collector.newrelic.com:443/agent_listener/invoke_raw_method?method=connect&license_key=this_is_a_*************************&marshal_format=json&protocol_version=17";
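
Review bot: the variable names in this test do not match what it checks: the input and result are `originalJsonPayload` and `actualJsonPayload`, while the expectation is `expectedRequestUrl`. Rename the first two to `originalRequestUrl` and `actualRequestUrl` so the URL case reads as distinct from the JSON payload case.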
Contributor


Left a comment higher originally but this test is a much better place!

I don't think this is what we want the expected behavior to be - shouldn't we be obfuscating the original request url that's passed in (since that is the data sender's actual url destination), not whatever is read from config?

If Data Sender sends in

https://staging-collector.newrelic.com:443/agent_listener/invoke_raw_method?method=connect&license_key=abcdefghijklmonpqrstuvwxyz1234567890&marshal_format=json&protocol_version=17

I would expect

https://staging-collector.newrelic.com:443/agent_listener/invoke_raw_method?method=connect&license_key=abcdefghij*****************&marshal_format=json&protocol_version=17 to come out.

Contributor Author


Yes, I corrected this when I was messing with the AIT failures. It no longer relies on the key read from config.
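
A sketch of redacting by pattern on the string that is passed in, as discussed in the thread above, covering both the request URL and the JSON payload. This is an added example, not the code merged in this PR; the class name, the regex, the one-asterisk-per-character mask and the handling of short keys are assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LicenseKeyRedactionExample {
    // Visible prefix length, from the linked issue title ("first 10 characters visible").
    private static final int VISIBLE_PREFIX = 10;

    // license_key=<value> in a query string, or "license_key":"<value>" in JSON.
    // Group 2 is the key value; it ends at '&', '"' or whitespace.
    private static final Pattern LICENSE_KEY = Pattern.compile(
            "(license_key=|\"license_key\"\\s*:\\s*\")([^&\"\\s]+)");

    // Redacts whatever key appears in the text itself; nothing is read from config.
    static String redact(String text) {
        if (text == null) {
            return null;
        }
        Matcher m = LICENSE_KEY.matcher(text);
        StringBuilder out = new StringBuilder();
        int last = 0;
        while (m.find()) {
            out.append(text, last, m.start(2)).append(mask(m.group(2)));
            last = m.end(2);
        }
        return out.append(text, last, text.length()).toString();
    }

    // Assumption: one '*' per hidden character, and a key of 10 characters or
    // fewer is masked entirely, since its "prefix" would be the whole key.
    static String mask(String key) {
        int keep = key.length() > VISIBLE_PREFIX ? VISIBLE_PREFIX : 0;
        StringBuilder sb = new StringBuilder(key.substring(0, keep));
        for (int i = keep; i < key.length(); i++) {
            sb.append('*');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs, using the sample key from the review comment above.
        String key = "abcdefghijklmonpqrstuvwxyz1234567890";
        String url = "https://staging-collector.newrelic.com:443/agent_listener/invoke_raw_method"
                + "?method=connect&license_key=" + key + "&marshal_format=json&protocol_version=17";
        System.out.println(redact(url));
        System.out.println(redact("{\"license_key\":\"" + key + "\",\"app_name\":[\"demo\"]}"));
        System.out.println(redact("license_key=short&marshal_format=json"));
    }
}
```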

@jtduffy jtduffy merged commit 874703a into main May 5, 2026
131 checks passed
@github-project-automation github-project-automation Bot moved this from Triage to Code Complete/Done in Java Engineering Board May 5, 2026
@jtduffy jtduffy deleted the lic-key-obfuscation branch May 5, 2026 15:26
Development

Successfully merging this pull request may close these issues.

License key redaction - Leave the first 10 characters visible
