bug: mark password as sensitive in install.json

This commit marks `password` as sensitive in the install.json bolt task
param metadata.

This prevents password from being shown in plaintext, in the bolt logs.

before:
```
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"latest","password":"1234","_task":"puppet_agent::install"}' on [".."]
```

after:
```
Running task puppet_agent::install with '{"retry":5,"collection":"puppetcore8","version":"latest","password":"Sensitive [value redacted]","_task":"puppet_agent::install"}' on [".."]
```

Author: jordanbreen28

task_spec/spec/acceptance/init_spec.rb

@@ -266,6 +266,22 @@ def latest_sources
         expect(res).to include('status' => 'success')
         expect(res['value']['_output']).to match(%r{Puppet Agent #{installed_version} detected. Nothing to do.})
       end
+
+      # Verify that the password is not in the output
+      config = bolt_config.merge!(
+        'log' => {
+          'console' => {
+            'level' => 'debug'
+          }
+        },
+      )
+
+      results = run_task('puppet_agent::install', 'target', { 'collection' => puppet_8_collection, 'password' => '1234' }, config: config)
+      results.each do |res|
+        puts res
+        expect(res).to include('status' => 'success')
+        expect(res['value']['_output']).to match(%r{"password":\"Sensitive [value redacted]\"})
+      end
     end
   end
 end

tasks/install.json

@@ -48,6 +48,7 @@
     },
     "password": {
       "description": "The password to use when downloading from a source location requiring authentication",
+      "sensitive": true,
       "type": "Optional[String]"
     }
   },