AuthConfig of datasource gets expanded in createSqlVectorLayer

[boardend]

What is the bug or the crash?

When adding/updating a SQL-layer, the authentication configuration gets expanded in the createSqlVectorLayer-implementations of the database providers. This is critical as it leads to leaking the datasource password to the project file, even though the datasource is configured and used via the authentication manager.

This behavior was observed with a PostGIS database, but it seems that the following providers are affected:

• QgsPostgresProviderConnection
• QgsSpatiaLiteProviderConnection
• QgsOracleProviderConnection
• QgsHanaProviderConnection

Steps to reproduce the issue

1. Create a new project and store it as a .qgs file
2. Create a new PostgreSQL connection with the credentials stored in the authentication manager
3. Add any table as layer
4. Save the project
5. Inspect the <datasource> in the .qgs file
   • The datasource is stored with authcfg 👍
6. Right click on that table in the Browser -> "Execute SQL"
7. Execute the generated query and add the new Layer with "Load layer"
8. Save the project
   • The new datasource is stored with username and password 👎

Versions

• Current LTS: QGIS 3.34.8 'Prizren'
• Current master: 79285c27c2ce342ab1267c72d2b02b767d4b32e4

Supported QGIS version

• I'm running a supported QGIS version according to the roadmap.

New profile

• I tried with a new QGIS profile

Additional context

NOTE: Will create a PR with expandAuthConfig set to false when creating the QgsVectorLayer in the providers listed above

[boardend]

Not sure if #58020 is the best approach, since uri() with expandAuthConfig defaulted to true is used in other functions of those QgsAbstractDatabaseProviderConnections..?

cc @m-kuhn, @elpaso