feat(privacy): hardened recursive PII redaction and structured JSON r…

[retkatmun]

…equest logging

• Rewrite src/middleware/privacy-logger.ts with SENSITIVE_KEYS, PII_PATTERNS, redact, maskIp, and privacyLogger emitting a flat LogLine shape
• Redaction marker changed to [REDACTED]; covers email/JWT value patterns
• Emit single console.log JSON line on res.finish with exact schema: timestamp, level, event, service, method, url, status, durationMs, ip, body, query, headers
• Redacts authorization, x-api-key, x-auth-token, cookie headers
• Error path emits safe 3-key fallback; never surfaces raw PII
• Add src/tests/privacy-logger.redaction.test.ts: 41 tests + snapshot
• Update docs/privacy-logging.md

Closes #619

[1nonlypiece]

this is genuinely a nicer redactor than what we had — the recursive walk and the structured JSON output are the right direction. the snag is timing: #633 (the property-based redaction tests) merged just ahead of this and it pins the current contract — ***REDACTED*** as the marker, [Circular] for cycles, maskIp returning x.x.x.x, and the privacy.request_logged pino line. your version changes those ([REDACTED], different circular + ip handling, a console.log http.request line), so that suite goes red as-is. could you rebase on current main and either align the markers/middleware shape to what those tests expect, or update them deliberately if you think the new contract is better and just call out why? then i'll get it straight in. happy to talk it through on discord https://discord.gg/xvNAvMJf — solid work, just need the two to agree.