[feature] Hide sensitive data from machine logs

Open rothgar opened this issue 9 months ago • 2 comments

Problem Description

If I open the Omni home page my join token is obscured/hidden so that it is not accidentally exposed. The same security concern (unauthenticated people joining machines to my Omni instance) also happens if I expose my factory schema.

Factory schema is printed as output on machine logs during installation and someone can use that schema to download my installation media and extract my join token.

Solution

Machine logs should filter/hide factory schema. This is probably needed from the Omni UI as well as omnictl machine-logs.

Alternative Solutions

We could add authentication to factory endpoints that use an Omni join token. I don't think that's feasible because of all the different ways the factory can be used (e.g. PXE).

Notes

No response

rothgar, May 22 '24 18:05
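
One way the filtering requested in this issue could work, as an added example that is not Omni's code and not part of the original issue. It assumes a factory schematic ID is a 64-character hex SHA-256 digest; the helper name, key, hostname and log lines are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
)

// Assumption: a schematic ID is 64 lowercase hex characters (a SHA-256
// digest). Other SHA-256 digests in a line are redacted too, which errs on
// the safe side for logs.
var schematicRe = regexp.MustCompile(`\b[0-9a-f]{64}\b`)

// RedactSchematics (hypothetical helper) replaces each ID-shaped token with a
// short keyed tag. The tag is stable per ID under one key, so log lines can
// still be correlated, but it cannot be used to request installation media.
func RedactSchematics(key []byte, line string) string {
	return schematicRe.ReplaceAllStringFunc(line, func(id string) string {
		mac := hmac.New(sha256.New, key)
		mac.Write([]byte(id))
		return "[schematic:" + hex.EncodeToString(mac.Sum(nil))[:8] + "]"
	})
}

func main() {
	// Constructed key; a real deployment would keep it server-side.
	key := []byte("constructed-redaction-key")
	// Constructed ID and log lines, not real Omni or Talos output.
	id := "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
	lines := []string{
		"installer: pulling factory.example.test/installer/" + id + ":v1.7.0",
		"installer: schematic " + id + " verified",
		"kernel: eth0 link up",
	}
	for _, l := range lines {
		fmt.Println(RedactSchematics(key, l))
	}
}
```

Redacting where log lines are served covers both consumers named in the issue, the UI and `omnictl machine-logs`, with one code path.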