Do not log all authorization policies by default (add config flag)

[mariajgrimaldi]

Description

Currently, all authorization policies are printed to the console during startup and/or reload. This creates noisy logs, increases log volume, and may expose sensitive authorization data in production environments.

Policy logging is useful for debugging, but it should not be enabled by default in production. Instead, it should be controlled via a configuration flag (if possible cause this is casbin's doing)

Proposed approach

Add a configuration flag to control policy logging, for example:

Behavior:

• False (default): Do not log policies.
• True: Log policies (debug mode).

Optional improvement:

• Log a summary instead (e.g., number of policies loaded).
• Move full policy logging to DEBUG level only.

[BryanttV]

Two options come to mind:

1. Use a CASBIN_ENABLE_POLICY_LOGGING setting (boolean) to enable or disable policy logging. Default is False.
2. Use a CASBIN_LOG_LEVEL setting (string) to set the logging level. Default is WARNING.

What do you think? Which option do you prefer? @mariajgrimaldi @bmtcril

[BryanttV]

PR created using the second option: #152