Add a filter_parameter_logging usage hint to generated ApplicationController.

This may help to remind the developer to filter sensitive information from application logs.
Closes #11578

railties/helpers/application.rb

@@ -7,4 +7,9 @@ class ApplicationController < ActionController::Base
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
   protect_from_forgery # :secret => '<%= app_secret %>'
+  
+  # See ActionController::Base for details 
+  # Uncomment this to filter the contents of submitted sensitive data parameters
+  # from your application log (in this case, all fields with names like "password"). 
+  # filter_parameter_logging :password
 end