Make mask-password the Default Behaviour #495
Labels: feature-request (A feature should be added or improved.)
Is your feature request related to a problem? Please describe.
When running the amazon-ecr-login action with mask-password set to false, credentials can be leaked to stdout, either by explicitly printing them or by running the action in DEBUG mode. This is a security concern as it means that users are able to obtain access to users (often privileged ones) that have access to push to ECR registries, potentially implanting malicious code if the registry does not use immutable tags.
Describe the solution you'd like
I would like to introduce a breaking change that switches mask-password to true, as it is the more secure option. I would like to go one step further and remove the ability not to mask the password at all, if the maintainers will allow it.
Describe alternatives you've considered
N/A - it is considered a security best practice to mask secrets from logs, for obvious reasons.
Additional context
Implementing this change is breaking, as there are a number of users who depend on the ability to share the docker password between jobs, as evidenced by previous attempts to implement this feature. Masking the password prevents this behaviour, so this change should be considered breaking.
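As an added example that is not from the issue or from the action's own repository, here is a workflow showing the weak setting beside the hardened one, with the login repeated per job instead of sharing the password across jobs. The action version tags, role ARN, region and image name are assumed placeholders.

```yaml
name: build-and-push

on: [push]

permissions:
  id-token: write   # for OIDC role assumption
  contents: read

jobs:
  # Weak (shown only for contrast): 'false' leaves the ECR password unmasked,
  # so printing the step outputs or enabling ACTIONS_STEP_DEBUG can write it
  # into the job log.
  login-unmasked:
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-role   # placeholder
          aws-region: us-east-1
      - id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: 'false'   # weak setting

  # Hardened: mask the password and log in again inside every job that pushes,
  # rather than passing the password between jobs through job outputs.
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-role   # placeholder
          aws-region: us-east-1
      - id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: 'true'    # hardened setting
      - name: Build and push
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}   # registry output, not the password
        run: |
          docker build -t "$REGISTRY/example-app:$GITHUB_SHA" .
          docker push "$REGISTRY/example-app:$GITHUB_SHA"
```

Only the registry hostname crosses step boundaries here; the masked password stays inside the login step's own job.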