Security fixes:
* Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
* Add a new configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes for suggesting this improvement
* Add a new configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement
* Fixes for XSS and HTML injection attack in the graphical setup page (PMASA-2022-2)
