
[FLINK-38815] Mask sensitive values in Pekko configuration logs#27784

Open
dataengineervishal wants to merge 2 commits into apache:master from dataengineervishal:FLINK-38815-mask-sensitive-pekko-config

Conversation

@dataengineervishal

This PR depends on https://issues.apache.org/jira/browse/FLINK-38815

What is the purpose of the change

This pull request fixes a security issue where sensitive values in the Pekko RPC configuration were logged in plain text.

The Pekko configuration is based on Typesafe Config and was directly logged, bypassing Flink’s existing masking logic. This change ensures that sensitive values (such as passwords and secrets) are masked before being logged.

Brief change log

  • Converted Pekko Config into a flat Map<String, String> using entrySet()
  • Reused ConfigurationUtils.hideSensitiveValues() to mask sensitive values
  • Updated debug logging to print masked configuration instead of raw config

Verifying this change

This change is already covered by existing tests.

Additionally, the fix was manually verified by enabling debug logging and confirming that sensitive fields such as key-password and trust-store-password are masked (replaced with ******) in the logs.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): no
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
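A worked sketch of the flatten-then-mask step described above, added here as an illustration and not taken from the PR's diff. It assumes the Typesafe Config library on the classpath; the sample config is constructed (its key names follow the ones the PR mentions), and the masking helper with its keyword list is a simplified stand-in for Flink's ConfigurationUtils.hideSensitiveValues(), not that method itself.

```java
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import com.typesafe.config.ConfigValue;

import java.util.HashMap;
import java.util.Map;

/** Shows why logging a raw Typesafe/Pekko Config leaks secrets, and how to flatten and mask it first. */
public final class MaskedPekkoConfigDemo {

    // Constructed sample: two secrets named as in the PR, plus non-sensitive settings.
    private static final String SAMPLE_CONFIG =
            "pekko.remote.artery.ssl.config-ssl-engine {\n"
          + "  key-password = \"hunter2\"\n"
          + "  trust-store-password = \"changeit\"\n"
          + "  protocol = \"TLSv1.3\"\n"
          + "}\n"
          + "pekko.remote.artery.canonical.port = 6123\n";

    /** Flatten to path -> value. Config.entrySet() already yields fully qualified leaf paths. */
    static Map<String, String> flatten(Config config) {
        Map<String, String> flat = new HashMap<>();
        for (Map.Entry<String, ConfigValue> e : config.entrySet()) {
            flat.put(e.getKey(), String.valueOf(e.getValue().unwrapped()));
        }
        return flat;
    }

    /** Simplified stand-in (assumption) for ConfigurationUtils.hideSensitiveValues(): mask by key name. */
    static Map<String, String> hideSensitiveValues(Map<String, String> flat) {
        Map<String, String> masked = new HashMap<>();
        for (Map.Entry<String, String> e : flat.entrySet()) {
            masked.put(e.getKey(), isSensitive(e.getKey()) ? "******" : e.getValue());
        }
        return masked;
    }

    static boolean isSensitive(String key) {
        String k = key.toLowerCase();
        return k.contains("password") || k.contains("secret") || k.contains("token");
    }

    public static void main(String[] args) {
        Config config = ConfigFactory.parseString(SAMPLE_CONFIG);
        // The problematic pattern: Config.toString() renders every leaf value, passwords included.
        System.out.println("raw (leaks secrets): " + config.root().render());
        // The fixed pattern: flatten, mask, then log only the masked map.
        Map<String, String> safe = hideSensitiveValues(flatten(config));
        safe.forEach((k, v) -> System.out.println("masked: " + k + " = " + v));
    }
}
```

Running it prints hunter2 and changeit in the raw rendering and ****** for both password keys in the masked map, while protocol and port stay readable.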

@flinkbot
Collaborator

flinkbot commented Mar 18, 2026

CI report:

Bot commands

The @flinkbot bot supports the following commands:
  • @flinkbot run azure: re-run the last Azure build

@dataengineervishal dataengineervishal force-pushed the FLINK-38815-mask-sensitive-pekko-config branch from 2063fe5 to bc36a5b on March 18, 2026 22:38
@github-actions github-actions bot added the community-reviewed label (PR has been reviewed by the community) on Mar 19, 2026
@dataengineervishal dataengineervishal force-pushed the FLINK-38815-mask-sensitive-pekko-config branch from 5e0704f to b3ecdfa on March 19, 2026 09:19
@dataengineervishal
Author

@XComp Can you please take a look and approve this?

Contributor

@Samrat002 Samrat002 left a comment


Overall looks good.

@dataengineervishal dataengineervishal force-pushed the FLINK-38815-mask-sensitive-pekko-config branch from 59f81a1 to 32c31f6 on March 20, 2026 15:38
