Remove use of term whitelist

Uses preferred terminology 'allowed' instead.

app/models/concerns/safe_url.rb

@@ -3,12 +3,12 @@
 module SafeUrl
   extend ActiveSupport::Concern
 
-  def safe_url(usernames_whitelist: [])
+  def safe_url(allowed_usernames: [])
     return if url.nil?
 
     uri = URI.parse(url)
     uri.password = '*****' if uri.password
-    uri.user = '*****' if uri.user && !usernames_whitelist.include?(uri.user)
+    uri.user = '*****' if uri.user && allowed_usernames.exclude?(uri.user)
     uri.to_s
   rescue URI::Error
   end

app/models/remote_mirror.rb

@@ -207,7 +207,7 @@ class RemoteMirror < ApplicationRecord
   end
 
   def safe_url
-    super(usernames_whitelist: %w[git])
+    super(allowed_usernames: %w[git])
   end
 
   def bare_url

spec/models/concerns/safe_url_spec.rb

@@ -26,14 +26,16 @@ RSpec.describe SafeUrl do
     context 'when URL contains credentials' do
       let(:url) { 'http://foo:bar@example.com' }
 
-      it { is_expected.to eq('http://*****:*****@example.com')}
+      it 'masks username and password' do
+        is_expected.to eq('http://*****:*****@example.com')
+      end
 
-      context 'when username is whitelisted' do
-        subject { test_class.safe_url(usernames_whitelist: usernames_whitelist) }
+      context 'when username is allowed' do
+        subject { test_class.safe_url(allowed_usernames: usernames) }
 
-        let(:usernames_whitelist) { %w[foo] }
+        let(:usernames) { %w[foo] }
 
-        it 'does expect the whitelisted username not to be masked' do
+        it 'masks the password, but not the username' do
           is_expected.to eq('http://foo:*****@example.com')
         end
       end