
scrub PII from Sentry breadcrumb request bodies#727

Merged
RUKAYAT-CODER merged 2 commits into rinafcode:main from No-bodyq:security/breadcrumb-pii-scrub on Jun 28, 2026
Conversation

@No-bodyq

Contributor

Summary

  • Added a SENSITIVE_FIELDS constant (password, oldPassword, newPassword, email, cardNumber, cvv, token, refreshToken) in src/config/logging.ts
  • Implemented a recursive scrubSensitiveFields helper that replaces matching keys with '[REDACTED]' while preserving all other fields
  • Updated beforeBreadcrumb to apply scrubbing to breadcrumb.data.body and breadcrumb.data.request.data for xhr and http type breadcrumbs only — other breadcrumb types are unaffected
  • Existing URL query-param token stripping (token, access_token) is preserved alongside the new body scrubbing

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Chore / Refactor (no functional changes)

Testing Done

  • Unit Tests
  • Integration Tests
  • Manual Verification (e.g., iOS/Android UI checks)

Security Considerations

  • Does this store user data securely (e.g., avoiding plain AsyncStorage for sensitive data)? — N/A to this change
  • Is token handling secure (no token exposure in logs or UI)? — Tokens and passwords are now [REDACTED] in Sentry breadcrumb bodies; URL token stripping retained
  • Are all user inputs validated? — N/A to this change
  • Is deep link handling safe from malicious payloads? — N/A to this change

Performance Considerations

  • Are React hooks (useCallback, useMemo) used appropriately to prevent unnecessary renders? — N/A to this change
  • Is FlatList optimized (e.g., using getItemLayout, keyExtractor)? — N/A to this change
  • Are asynchronous patterns handled correctly (e.g., useEffect cleanup to avoid memory leaks)? — beforeBreadcrumb is synchronous; no async changes
  • Have bundle size impacts been considered? — No new dependencies; recursive scrubber is a small pure function

Checklist

  • I have read the CONTRIBUTING guide.
  • My code follows the style guidelines of this project.
  • I have updated the documentation accordingly. — N/A; no public API surface changed
  • Are there architectural changes? If so, is there an Architectural Decision Record (ADR)? — No architectural changes

Closes #583
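The recursive scrubber and beforeBreadcrumb hook the summary describes, as an added TypeScript example written for this page (not the PR's own code); the minimal Breadcrumb interface, the handling of bodies that arrive as JSON strings, and the assumption that breadcrumb URLs are absolute are mine, not the project's:

```typescript
// Added example, not the PR's own code: a recursive key-based scrubber and a
// Sentry beforeBreadcrumb hook shaped as the PR description outlines. The
// Breadcrumb type and the string-body handling are assumptions made here.

const SENSITIVE_FIELDS = [
  'password', 'oldPassword', 'newPassword', 'email',
  'cardNumber', 'cvv', 'token', 'refreshToken',
] as const;

const SENSITIVE = new Set<string>(SENSITIVE_FIELDS);

// Walks objects and arrays; a key in SENSITIVE_FIELDS becomes '[REDACTED]', all others are kept and recursed into.
function scrubSensitiveFields(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(scrubSensitiveFields);
  if (value !== null && typeof value === 'object') {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SENSITIVE.has(k) ? '[REDACTED]' : scrubSensitiveFields(v);
    }
    return out;
  }
  return value; // primitives (and null) pass through unchanged
}

// Request bodies often arrive already serialized; scrub the parsed form and
// re-serialize. Strings that are not JSON are left as-is (assumption).
function scrubBody(body: unknown): unknown {
  if (typeof body !== 'string') return scrubSensitiveFields(body);
  try { return JSON.stringify(scrubSensitiveFields(JSON.parse(body))); }
  catch { return body; }
}

// Minimal stand-in for Sentry's Breadcrumb type, enough for this hook (assumption).
interface Breadcrumb { type?: string; data?: Record<string, any>; }

// Only xhr/http breadcrumbs carry request data; every other type is returned untouched.
function beforeBreadcrumb(crumb: Breadcrumb): Breadcrumb {
  if ((crumb.type !== 'xhr' && crumb.type !== 'http') || !crumb.data) return crumb;
  const data = { ...crumb.data };
  if (typeof data.url === 'string') {
    const u = new URL(data.url); // absolute URLs assumed
    ['token', 'access_token'].forEach((p) => u.searchParams.delete(p));
    data.url = u.toString();
  }
  if ('body' in data) data.body = scrubBody(data.body);
  if (data.request && 'data' in data.request) {
    data.request = { ...data.request, data: scrubBody(data.request.data) };
  }
  return { ...crumb, data };
}
```

Wire `beforeBreadcrumb` into `Sentry.init({ beforeBreadcrumb })`; keys are matched exactly and case-sensitively, so a field named `Password` would not be caught by this list.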

@drips-wave

drips-wave Bot commented Jun 28, 2026


@No-bodyq Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀


@RUKAYAT-CODER

Contributor

Thank you for contributing to the project.

RUKAYAT-CODER merged commit 4d719b4 into rinafcode:main on Jun 28, 2026
2 of 14 checks passed
Development

Successfully merging this pull request may close these issues.

[Security] Sentry breadcrumb sanitization does not cover POST request body — PII leakage risk

2 participants