/env/{name} does not mask sensitive placeholders for a non-regex name

The sanitisation is only performed in the code path that handles regular expressions so a request for `/env/my.foo` will not be santized whereas a request for `/env/my.*` will be.