fix: mask sensitive fields

[ysinghc]

Why submit this pull request?

• Bugfix
• New feature provided
• Improve performance
• Backport patches

What changes will this PR take into?

This PR enhances security by masking sensitive data fields in the APISIX Dashboard UI:

Changes Made:

1. New PasswordInput Component (PasswordInput.tsx)

   • Created a reusable form component for sensitive data fields
   • Built on Mantine's PasswordInput with proper form validation integration
   • Supports reveal/hide toggle for user convenience while maintaining security

2. Updated Secret Management Forms (FormPartSecret.tsx)

   • Replaced TextInput with PasswordInput for sensitive fields:
     • Vault secrets: token field
     • AWS secrets: access_key_id, secret_access_key, session_token fields
     • GCP secrets: private_key field

3. Updated Settings Modal (SettingsModal.tsx)

   • Changed Admin Key input from TextInput to PasswordInput
   • Prevents accidental exposure of admin credentials

4. Updated E2E Tests

   • Modified test selectors in auth.spec.ts to work with PasswordInput component
   • Updated test.ts authentication helper to use proper selectors

5. Code Consistency (i18n.ts)

   • Reordered import statements alphabetically for better maintainability

Security Benefits:

• Passwords, tokens, and keys are now masked by default
• Reduces risk of shoulder surfing and accidental exposure
• Maintains usability with toggle visibility option
• Consistent UX across all sensitive field inputs

Related issues

fixes #3218

Checklist:

• Did you explain what problem does this PR solve? Or what new features have been added?

  • Problem: Sensitive data (passwords, API keys, tokens) was displayed in plain text in form fields, creating a security risk
  • Solution: Implemented masked password inputs with toggle visibility for all sensitive fields

• Have you added corresponding test cases?

  • Updated E2E tests in auth.spec.ts and test.ts to work with the new PasswordInput component

• Have you modified the corresponding document?

  • No documentation changes required as this is a UI improvement that doesn't change the API or user workflows

• Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

  • Yes, fully backward compatible. This change only affects the UI rendering of form inputs. All data handling, API interactions, and existing configurations remain unchanged.

[Baoyuantop]

Another test is needed to verify the password input field switching between showing and hiding.

[ysinghc]

I will add it asap. I am having troubles testing my changes cause my docker container keeps on crashing mid tests, so it might take some time.
sorry for the sloppyness in this PR I will ensure the quality in future contributions.