Make bad request exception generic unless in debug mode (0.15)

[glye]

Q	A
Bug fix?	debatable
New feature?	no
BC breaks?	tbd
Deprecations?	no
Tests pass?	tbd
Documented?	not yet
Fixed tickets	#1121
License	MIT

(This is a 0.15 port of #1128 The README is outdated and it's not entirely clear which branches are stable now, but it seems to be 0.15 and 1.0. I'm unsure if this will be accepted, I will add doc and possibly tests if there is some approval.)

Exceptions and specifically stack traces should not be shown in production. This bundle has a customisable error handler, but as the documentation states: "Only query parsed error won't be replaced.". I could make my own Parser override class which catches the exceptions in prod mode, but then how can I produce a usable JSON response? I needed to modify the GraphController to do that.

The fix is to check kernel.debug and catch bad request exceptions. If debug mode is enabled, it rethrows the exception (i.e. works as before). If disabled (prod mode), it instead returns a blank JsonResponse with HTTP 400 Bad Request status code and the exception message, but not the stack trace. The simplest manual test is to access example.com/graphql in a browser, in debug and prod modes.

If rejected, please let me know if you can see ways of doing this in my project without modifying your bundle. Thanks!

Related: It would also be nice to disable introspection in prod mode by default, like shown in the doc. But since it hasn't been done yet, I assume the maintainers aren't keen on it.

[glye]

Update in e1c522f: Use $e->getMessage() so that the HTTP 400 response includes the exception message, but not the stack trace. Works fine in my test.

[mcg-web]

Thank you @glye! Can you please check and make this change if good for you ?

[glye]

@mcg-web Hi, I have made the change as requested. Could you please review it?