InputTracer: Distinguish sensitive events

There are three levels of tracing: complete, redacted, and none.

Write events that are redacted into a separate proto, while also
omitting certain fields from being written.

The redacted level will be used in subsequent CLs.

Bug: 210460522
Test: manual with perfetto
Change-Id: Ie65e7915c3aa5fc972e675c43e46970363bab3a4