cmdline: warn about redacting suspicious arguments

This foollows on from !3691 (comment 1979641908)

Now samba-tool do-thing --bypass-checks --password secret007 will print a warning if --bypass-checks is not known to be either safe or secret. The hope is the developer adding the option will notice and add it to the appropriate list.

A misspelt --passwrod will also print the warning in Python tools but not in C tools. That's because the C tools parse argv before passing it on for redaction, while Python takes a copy of sys.argv and redacts that before the arguments are parsed. In both cases you should also see --help like usage advice.

Checklist

• Commits have Signed-off-by: with name/author being identical to the commit author
• (optional) This MR is just one part towards a larger feature.
• (optional, if backport required) Bugzilla bug filed and BUG: tag added
• Test suite updated with functionality tests
• Test suite updated with negative tests
• Documentation updated
• CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

• There is a test suite reasonably covering new functionality or modifications
• Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
• This feature/change has adequate documentation added
• No obvious mistakes in the code