blacklist certain sensitive fields and relations as search arguments

see: #5465
see: #5478

awx/conf/models.py

@@ -8,7 +8,7 @@ import json
 from django.db import models
 
 # Tower
-from awx.main.models.base import CreatedModifiedModel
+from awx.main.models.base import CreatedModifiedModel, prevent_search
 from awx.main.fields import JSONField
 from awx.main.utils import encrypt_field
 from awx.conf import settings_registry
@@ -24,14 +24,14 @@ class Setting(CreatedModifiedModel):
     value = JSONField(
         null=True,
     )
-    user = models.ForeignKey(
+    user = prevent_search(models.ForeignKey(
         'auth.User',
         related_name='settings',
         default=None,
         null=True,
         editable=False,
         on_delete=models.CASCADE,
-    )
+    ))
 
     def __unicode__(self):
         try: