fix(pulsar): mark whole auth struct as sensitive (r5.0)

Fixes https://emqx.atlassian.net/browse/EMQX-9900

I tried to patch hocon itself to filter the sensitive data, but the
way it's currently structured doesn't seem to keep that field
metadata.  So, for now, we can just mark the whole auth union as
sensitive.

apps/emqx_bridge_pulsar/src/emqx_bridge_pulsar.erl

@@ -46,7 +46,14 @@ fields(config) ->
             )},
         {authentication,
             mk(hoconsc:union([none, ref(auth_basic), ref(auth_token)]), #{
-                default => none, desc => ?DESC("authentication")
+                default => none,
+                %% must mark this whole union as sensitive because
+                %% hocon ignores the `sensitive' metadata in struct
+                %% fields...  Also, when trying to type check a struct
+                %% that doesn't match the intended type, it won't have
+                %% sensitivity information from sibling types.
+                sensitive => true,
+                desc => ?DESC("authentication")
             })}
     ] ++ emqx_connector_schema_lib:ssl_fields();
 fields(producer_opts) ->