Merge branch 'en/sensitive-data-removal'

Add a new --sensitive-data-removal option to assist users trying to
perform sensitive data removals.  In particular, this mode
  * automatically fetches other refs (in case the user has some outside
    of the default branches and tags that clone grabs that need to be
    rewritten as well)
  * tracks the First Changed Commit(s) (i.e. commits that were modified
    whose parents were NOT modified), and reports it to the user.  This
    information can (1) help collaborators check to ensure they have
    correctly rebased and gc'ed their repository to get rid of the
    sensitive data (by making sure the First Changed Commit(s) no longer
    appear in their clone), and (2) help server admins ensure the
    necessary internal references are removed/updated and a gc has
    removed the necessary objects.
  * tracks whether an LFS objects are orphaned by the rewrite.  This
    information is necessary so users know to delete and/or purge those
    sensitive-data-contains LFS objects from the LFS server.
  * provides "NEXT STEPS" at the end of the git-filter-repo rewrite to
    assist users with the multiple steps they need to perform to
    complete the sensitive data removal, on top of having already run
    git-filter-repo.

On top of this, an extensive "Sensitive Data Removal" subsection  was
also added to the manual (with the "DISCUSSION" section).

Finally, a new changed-refs metadata file to make it easier for users to
determine which refs were modified in a rewrite.

Signed-off-by: Elijah Newren <[email protected]>