Teach Snowflake Engine to properly support _pwd query params

[theory]

This works for the SNOWSQL client, however the string needs to be in the Engine string or it returns the error: "cannot marshal private file". Additionally, sqitch is printing the passphrase in plaintext in its logs. Example:

$ sqitch deploy --registry ${REGISTRY} --verify -s ENV=$ENV "db:snowflake://${SNOWSQL_ACCOUNT}.snowflakecomputing.com/sqitch?Driver=Snowflake;warehouse=Deployment;authenticator=SNOWFLAKE_JWT;uid=SVC_DEPLOY;priv_key_file=/ssh/snowflake_svc_deploy.p8;role=ACCOUNTADMIN;priv_key_file_pwd=${PASSPHRASE};database=SQITCH"
Deploying changes to db:snowflake://zea07112.us-east-1.snowflakecomputing.com/sqitch?Driver=Snowflake;warehouse=Deployment;authenticator=SNOWFLAKE_JWT;uid=SVC_DEPLOY;priv_key_file=/ssh/snowflake_svc_deploy.p8;role=ACCOUNTADMIN;priv_key_file_pwd=my%20secret%20passphrase;database=SQITCH
  + AddDataEngETLRole ...... ok
  + AddDataEngETLWarehose .. ok

Originally posted by @jperkelens in #318 (comment)

[theory]

We should teach the Snowflake engine to redact any _pwd param values in target URI displays, and ideally support reading them from the SnowSQL config file and environment variables so that they don't have to be in the URI at all.