
fix: don't output diffs for sensitive values in Ansible diff mode

Andrew Newdigate requested to merge an-no-diffs-for-secrets into main

What does this MR do?

It's fairly usual for Ansible users to use the --diff command line argument to emit the differences between the existing configuration and the changes Ansible will make after running.

Very often this can be used alongside --dry-run to verify changes before executing them.

Additionally, --diff provides an audit trail for changes made during an Ansible run.

However, at present GET emits secrets and other sensitive values in this output. This can be disabled using the diff: False attribute on tasks, which, like the sensitive attribute in Terraform, ensures that sensitive values are not emitted to logs or elsewhere.

Related issues

Author's checklist

When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up to date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Andrew Newdigate
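The following playbook is an added illustration of the task-level diff: false setting the MR description refers to; it is not code from this MR or from GET, and the hosts, paths, file contents and the vault_db_password variable are constructed for the example. The two tasks write the same file: the first leaks the secret into --diff output, the second suppresses it.

```yaml
# Added example, not part of the GET repository or this MR.
# Both tasks write the same constructed file; only the second is safe to run
# under `ansible-playbook --check --diff`.
- name: Suppress diff output for a file containing a secret (constructed example)
  hosts: all
  gather_facts: false
  vars:
    # Assumed to be supplied from an Ansible Vault file; value is not defined here.
    db_password: "{{ vault_db_password }}"
  tasks:
    # Leaks: with --diff, Ansible prints the before/after file contents,
    # including the password, and that output ends up in CI and run logs.
    - name: Write database config (diff visible)
      ansible.builtin.copy:
        dest: /etc/app/db.conf
        content: "password={{ db_password }}\n"
        mode: "0600"

    # Suppressed: `diff: false` is the task keyword that stops this task from
    # emitting before/after content even when the run is started with --diff.
    # `no_log: true` additionally keeps the task's arguments and result out of
    # verbose (-v) output and callback plugins, so the rendered content does not
    # surface that way either.
    - name: Write database config (diff suppressed)
      ansible.builtin.copy:
        dest: /etc/app/db.conf
        content: "password={{ db_password }}\n"
        mode: "0600"
      diff: false
      no_log: true
```

Running this with ansible-playbook --check --diff shows a unified diff containing the password for the first task and only a changed status line for the second. Note that no_log: true also hides the task's error output, so when a task that handles a secret fails, the diagnostics are withheld as well; diff: false alone keeps the normal changed/failed messages and only drops the content diff.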
