Describe the issue
When you use {file./path} in the Caddyfile and then curl localhost:2019/config/, the actual secret is output instead of just {file./path}. Other plugins only output {file./path}.
e.g.
```
echo MYSECRET > /tmp/a
caddy run --config /tmp/caddy_config --adapter caddyfile
curl localhost:2025/config/
```

```json
"identity_providers": [
  {
    "kind": "oauth",
    "name": "google",
    "params": {
      "client_id": "MYSECRET",
      "client_secret": "MYSECRET",
      "driver": "google",
      "realm": "google"
    }
  }
]
```
Configuration
Paste full Caddyfile below:
```
{
	admin localhost:2025
	debug
	# Ensure plugin directives order well
	order authenticate before respond
	order authorize before reverse_proxy
	auto_https off
	servers :8085 {
	}
	# Configure caddy-security app: Google OIDC portal and policy
	security {
		oauth identity provider google {file./tmp/a} {file./tmp/a}
		# Authentication portal issues/validates tokens; requires a signing key
		authentication portal myportal {
			crypto key sign-verify {file./tmp/a}
			enable identity provider google
		}
		# Authorization policy: verify same key and set login URL
		authorization policy mypolicy {
			set auth url /auth/
			set redirect query parameter redirect_url
			crypto key verify {file./tmp/a}
			allow email [email protected]
		}
	}
	log {
		level ERROR
	}
}
http://*:8085 {
	reverse_proxy localhost:9090
}
```
Version Information
Provide output of caddy list-modules --versions | grep -E "(auth|security)" below:
```
http.authentication.hashes.bcrypt v2.10.0
http.authentication.providers.http_basic v2.10.0
http.handlers.authentication v2.10.0
tls.client_auth.verifier.leaf v2.10.0
http.authentication.providers.authorizer v1.1.31
http.handlers.authenticator v1.1.31
security v1.1.31
```
Expected behavior
Describe expected behavior.
Additional context
Closely related to #424
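
Added example, not part of the original issue or the caddy-security code base: a Go check that walks a config dump from the admin API `/config/` endpoint and reports sensitive keys whose value is a literal rather than a Caddy placeholder such as `{file./tmp/a}`. The key-name heuristic (`secret`, `password`), the jq-style path output and the `leaked` sample are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
)

// Caddy placeholder syntax, e.g. {file./tmp/a} or {env.NAME}.
var placeholder = regexp.MustCompile(`^\{[^{}]+\}$`)
// Assumed heuristic (not from caddy-security): key names that usually hold credentials.
var sensitiveKey = regexp.MustCompile(`(?i)secret|password`)

// Constructed sample: the fragment from the report, wrapped in an object.
const leaked = `{"identity_providers":[{"kind":"oauth","name":"google","params":{"client_id":"MYSECRET","client_secret":"MYSECRET","driver":"google","realm":"google"}}]}`
// walk records the jq-style path of every sensitive key holding a literal value.
func walk(v interface{}, path string, out *[]string) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			p := path + "." + k
			if s, ok := child.(string); ok && s != "" && sensitiveKey.MatchString(k) && !placeholder.MatchString(s) {
				*out = append(*out, p)
			}
			walk(child, p, out)
		}
	case []interface{}:
		for i, child := range t {
			walk(child, fmt.Sprintf("%s[%d]", path, i), out)
		}
	}
}

// FindResolvedSecrets parses an admin API config dump and returns the sorted hits.
func FindResolvedSecrets(raw []byte) ([]string, error) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	hits := []string{}
	walk(doc, "", &hits)
	sort.Strings(hits)
	return hits, nil
}

func main() {
	fmt.Println(FindResolvedSecrets([]byte(leaked)))
}
```

Only paths are reported, never values, so the result can be logged or attached to a ticket without repeating the secret.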