
#22231: fix(security): redact sensitive data in session transcripts

by novalis133 open 2026-02-20 22:39
size: XS
## Summary

- **CRITICAL-4**: Apply `redactSensitiveText()` to session transcript content before writing to disk, preventing credentials and API keys from being persisted in plaintext.

Reuses the existing `redactSensitiveText` utility from `src/logging/redact.ts`.

## Test plan

- [ ] Verify transcripts no longer contain raw API keys / tokens
- [ ] `pnpm check` passes

### Greptile Summary

Applied `redactSensitiveText()` to assistant messages before writing to session transcripts, preventing API keys, tokens, and other credentials from being persisted in plaintext.

- Redaction happens at the right abstraction layer inside `appendAssistantMessageToSessionTranscript()` in `src/config/sessions/transcript.ts:128`, ensuring all call sites automatically benefit
- Reuses the existing, well-tested `redactSensitiveText` utility from `src/logging/redact.ts`, which handles various token formats (API keys, bearer tokens, private keys, Telegram tokens, etc.)
- Added clear comment explaining the security measure and recommending OS-level encryption as an additional layer

### Confidence Score: 5/5

- This PR is safe to merge with minimal risk - it's a focused security improvement with no behavioral changes
- The change is a straightforward security enhancement that applies redaction to session transcripts using a well-tested utility function. The implementation is at the correct layer, has no side effects, and the `redactSensitiveText` function has comprehensive test coverage
- No files require special attention

Last reviewed commit: 750c3c3
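The redact-at-the-write-layer pattern the PR describes, as an added example that is not the project's own code: a stand-in `redactSensitiveText` with a small set of assumed credential patterns, called inside the transcript append function so that every caller gets redaction without having to remember it. The pattern list, the marker format, the helper name `appendAssistantMessageToTranscript` (deliberately not the project's `appendAssistantMessageToSessionTranscript`), and the one-JSON-object-per-line transcript layout are all assumptions; the real `src/logging/redact.ts` and `src/config/sessions/transcript.ts` are not shown on this page.

```typescript
// Added example (not the project's code): redaction applied at the transcript
// write layer. Pattern list, names and the JSONL format are assumptions.
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Credential families and the regexes that recognise them. Multi-line PEM
// blocks go first so they are consumed whole before narrower patterns run.
const SECRET_PATTERNS: Array<{ name: string; re: RegExp }> = [
  { name: "pem-private-key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
  { name: "bearer-token", re: /\b[Bb]earer\s+[A-Za-z0-9._~+/=-]{16,}/g },
  { name: "sk-api-key", re: /\bsk-[A-Za-z0-9_-]{20,}/g },
  { name: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { name: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "telegram-bot-token", re: /\b\d{8,10}:[A-Za-z0-9_-]{35}\b/g },
];

/** Replace every recognised secret with a marker naming its family, so a reader
 *  can still see that a credential was present without learning its value. */
export function redactSensitiveText(text: string): string {
  let out = text;
  for (const { name, re } of SECRET_PATTERNS) {
    out = out.replace(re, () => `[REDACTED:${name}]`);
  }
  return out;
}

interface TranscriptEntry {
  role: "assistant";
  content: string;
  ts: string;
}

/** Redact inside the append function rather than at each call site, so a
 *  new caller cannot forget to do it. One JSON object per line. */
export function appendAssistantMessageToTranscript(file: string, content: string): TranscriptEntry {
  const entry: TranscriptEntry = {
    role: "assistant",
    content: redactSensitiveText(content),
    ts: new Date().toISOString(),
  };
  // mode only applies when the file is created; owner-only permissions are
  // a second layer, not a substitute for redaction.
  fs.appendFileSync(file, JSON.stringify(entry) + "\n", { mode: 0o600 });
  return entry;
}

/** End-to-end check: write a constructed message holding fake credentials,
 *  read the file back, and report whether any raw secret reached disk. */
export function writeAndCheck(): { written: string; leaked: boolean } {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "transcript-example-"));
  const file = path.join(dir, "session.jsonl");
  // Constructed sample values; none of these are real credentials.
  const rawSecrets = [
    "sk-abcdefghijklmnopqrstuvwxyz0123456789",
    "eyJhbGciOiJIUzI1NiJ9.fake-payload.fake-signature",
    "MIIEowIBAAKCAQEAfakekeymaterial",
    "AKIAIOSFODNN7EXAMPLE",
  ];
  const message = [
    `Here is your key: ${rawSecrets[0]}`,
    `Authorization: Bearer ${rawSecrets[1]}`,
    `-----BEGIN RSA PRIVATE KEY-----\n${rawSecrets[2]}\n-----END RSA PRIVATE KEY-----`,
    `aws_access_key_id = ${rawSecrets[3]}`,
  ].join("\n");
  try {
    appendAssistantMessageToTranscript(file, message);
    const written = fs.readFileSync(file, "utf8");
    const leaked = rawSecrets.some((s) => written.includes(s));
    return { written, leaked };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

The caveat a reviewer would attach to any change of this shape: pattern-based redaction only catches credential formats the pattern list already knows, so a token in an unrecognised format is written to disk unchanged. That is why the PR's own comment recommends OS-level encryption of the transcript directory as an additional layer rather than relying on redaction alone, and why the test plan's "verify transcripts no longer contain raw API keys / tokens" should be run with the specific token formats the deployment actually handles.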
