feat(telemetry): capture error messages with security hardening

## Summary
Enhanced telemetry system to capture actual error messages for debugging
while implementing comprehensive security hardening to protect sensitive data.

## Changes
- Added optional errorMessage parameter to trackError() method
- Implemented sanitizeErrorMessage() with 7-layer security protection
- Updated all production and test call sites (atomic change)
- Added 18 new security-focused tests

## Security Fixes
- ReDoS Prevention: Early truncation + simplified regex patterns
- Full URL Redaction: Changed [URL]/path → [URL] to prevent leakage
- Credential Detection: AWS keys, GitHub tokens, JWT, Bearer tokens
- Correct Sanitization Order: URLs → credentials → emails → generic
- Error Handling: Try-catch wrapper with [SANITIZATION_FAILED] fallback

## Impact
- Resolves 272+ weekly errors with no error messages
- Protects against ReDoS attacks
- Prevents API structure and credential leakage
- 90.75% test coverage, 269 tests passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/telemetry/telemetry-manager.ts

@@ -152,9 +152,9 @@ export class TelemetryManager {
   /**
    * Track an error event
    */
-  trackError(errorType: string, context: string, toolName?: string): void {
+  trackError(errorType: string, context: string, toolName?: string, errorMessage?: string): void {
     this.ensureInitialized();
-    this.eventTracker.trackError(errorType, context, toolName);
+    this.eventTracker.trackError(errorType, context, toolName, errorMessage);
   }
 
   /**