Prevent unintended access to sensitive fields (passwords, private keys) (#876)

Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.

The filter() function allowed guessing the content of password hashes
one character at a time.

The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.

lemur/certificates/models.py

@@ -125,6 +125,8 @@ class Certificate(db.Model):
     endpoints = relationship('Endpoint', backref='certificate')
     rotation_policy = relationship("RotationPolicy")
 
+    sensitive_fields = ('private_key',)
+
     def __init__(self, **kwargs):
         cert = lemur.common.utils.parse_certificate(kwargs['body'])