Make the default sensitive history scrubbing function a little smarter

[daxian-dbw]

PR Summary

Fix #1840

Combining the regular expression matching and AST analysis, to make the default sensitive history scrubbing function a little smarter, so that:

1. Allow the use of a variable with sensitive name, unless it's on the left-hand side of an assignment with the right-hand side to be an expression value.

   ## these are fine
   $token = Get-Secret -Name github-token -Vault MySecret
   [MyType]::CallRestAPI($token, $url, $args)
   
   ## this is considered sensitive
   $token = "sdv87ysdfayf798hfasd8f7ha"
   

2. Allow cmdlets from the SecretManagement module, except for Set-Secret, which is highly likely to expose sensitive information.
3. Allow parameter with sensitive name if it's likely a switch parameter, or the argument of it is a variable or a command invocation.

   ## these are fine
   Send-WebhookEvent -UseDefaultPassword
   Invoke-RemoteCommand -Password $pwd -SavePassword
   Invoke-WebRequest -Token (Get-Secret mytoken)
   
   ## this is considered sensitive
   ConvertTo-SecureString stringValue -AsPlainText
   Invoke-WebRequest -Token xxx
   

The examples from #1840 are used as test cases. Take a look at the added tests to find more examples.

PR Checklist

• PR has a meaningful title
  • Use the present tense and imperative mood when describing your changes
• Summarized changes
• Make sure you've added one or more new tests
• Make sure you've tested these changes in terminals that PowerShell is commonly used in (i.e. conhost.exe, Windows Terminal, Visual Studio Code Integrated Terminal, etc.)
• User-facing changes
  • Not Applicable
  • OR
  • Documentation needed at PowerShell-Docs
    • Doc Issue filed: Document the default behavior of sensitive history scrubbing in PSReadLine MicrosoftDocs/PowerShell-Docs#8216

Microsoft Reviewers: Open in CodeFlow

[ghost]

🎉 v2.2.0-beta4 has been released which incorporates this pull request. 🎉