Prevent unintended access to sensitive fields (passwords, private keys) (#876)

Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.

The filter() function allowed guessing the content of password hashes
one character at a time.

The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.

lemur/roles/models.py

@@ -30,5 +30,7 @@ class Role(db.Model):
     users = relationship("User", secondary=roles_users, passive_deletes=True, backref="role")
     certificates = relationship("Certificate", secondary=roles_certificates, backref="role")
 
+    sensitive_fields = ('password',)
+
     def __repr__(self):
         return "Role(name={name})".format(name=self.name)