Stop publishing MTLS private keys
Currently when certifications are submitted the MTLS private keys are I think published in at least two places:
- The test configuration
- When calling endpoints
- Possibly in other places like MTLS tests
Given we have the MTLS certificate, there's no real need to publish the actual private key, and it's probably not good if valid MTLS credentials for various production ecosystems are available (we do tell people to revoke them, but I can imagine instances where revocation goes wrong).
We can probably just stop including it in the logging when calling the endpoints, and make sure the test configuration isn't made publicly available for a published test (I think it's not obviously shown in the UI, but is present in the first log entry). A possible (though potentially fragile) alternative would be to remove the keys from the config before logging it.