fix(config): provide redacted config snapshots for safe diagnostic output #4115

Open
UGVicV wants to merge 14 commits into orchestration-agent:main from UGVicV:fix/bounty-3015-redacted-config

UGVicV commented May 25, 2026

Description

This PR resolves the issue where Config.to_dict() returns all config values in plain form, including sensitive credentials like passwords, tokens, and API keys. Operational logs or diagnostic output that serialize config snapshots can inadvertently expose credential material.

Fix

  • Added SENSITIVE_KEY_PATTERNS regex matching: password, secret, token, key, credential, auth (case-insensitive).
  • Added REDACTED_VALUE = "***REDACTED***" constant for consistent masking.
  • Added Config._redact_dict() static method that recursively walks nested config dicts and masks sensitive keys.
  • Added Config.to_redacted_dict() public method that returns a deep copy of config with sensitive values masked.
  • to_dict() is preserved unchanged for trusted internal use.
  • Wrapped in try-except with logger.error() for robust error logging.
  • Ensured 100% PEP8 compliance (all lines under 79 characters).

Verification (Proof)

Added 5 regression tests to tests/test_config.py:

  • test_redacted_masks_sensitive: Verifies password/token/auth keys are masked.
  • test_redacted_preserves_safe: Verifies non-sensitive keys (app_name, port) remain visible.
  • test_redacted_nested: Verifies nested dict keys like database.password are masked.
  • test_redacted_does_not_modify_orig: Verifies to_redacted_dict() does not mutate the original config.
  • test_to_dict_returns_full_data: Verifies to_dict() still returns unredacted data.

Test Execution Output

57 passed in 0.06s

Lint & Formatting Output

  • flake8 src/common/config.py tests/test_config.py -> Passed (0 errors/warnings)
  • git diff --check -> Passed (0 errors)

No secrets, tokens, or hidden context are included in the code.

Closes #3015.

Vic added 14 commits May 22, 2026 11:55
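
An added sketch of the key-based redaction the description outlines, not the PR's own code: the regex form, the `redact` helper name and the sample config are assumptions. It goes beyond the description by walking lists, and it shows two limits of key matching that a reviewer would check: substring over-match and secrets embedded in values.

```python
import copy
import re

# Assumed pattern: the PR lists these words but does not show the regex itself.
SENSITIVE_KEY_PATTERNS = re.compile(
    r"password|secret|token|key|credential|auth", re.IGNORECASE
)
REDACTED_VALUE = "***REDACTED***"


def redact(value):
    """Return a redacted deep copy; the input is never mutated."""
    if isinstance(value, dict):
        out = {}
        for k, v in value.items():
            if isinstance(k, str) and SENSITIVE_KEY_PATTERNS.search(k):
                # Mask the whole subtree so nested secrets cannot leak.
                out[k] = REDACTED_VALUE
            else:
                out[k] = redact(v)
        return out
    if isinstance(value, (list, tuple)):
        # Dicts inside lists are walked too; a dict-only walk would skip them.
        return [redact(v) for v in value]
    return copy.deepcopy(value)


# Constructed sample config, not taken from the project.
SAMPLE = {
    "app_name": "demo",
    "port": 8080,
    "database": {"host": "db.internal", "password": "constructed-pw"},
    "api_token": "constructed-token",
    "replicas": [{"name": "r1", "auth_header": "constructed-auth"}],
    "keyboard_layout": "us",  # over-match: the name contains "key"
    "dsn": "postgres://app:constructed-pw@db.internal/app",  # secret in value
}

if __name__ == "__main__":
    import json
    print(json.dumps(redact(SAMPLE), indent=2))
```

The `dsn` entry passes through unmasked because only key names are inspected, so connection strings and similar values need their own handling before a snapshot is logged.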

Development

Successfully merging this pull request may close these issues.

[ Bounty $3k ] [ Config ] Provide redacted config snapshots — diagnostic output
