Policy on logging sensitive data

[JeremyRand]

In some cases, an end user will want to log data that is specific to visited .bit websites (e.g. to figure out why a site is broken). In other cases (the default), an end user doesn't want sensitive data (e.g. which sites have been visited) to be logged.

We should come up with a policy for which logging verbosity levels are allowed to log sensitive data.