fix(server): redact provider credentials in gRPC CRUD responses

[drew]

Motivation

• Provider CRUD gRPC handlers returned full Provider objects (including credentials) which risked credential disclosure to unauthenticated clients such as sandbox workloads. This change aims to prevent secret exposure while preserving existing persistence and provider semantics.

Description

• Added a redact_provider_credentials helper that clears the Provider.credentials map and returns the provider unchanged otherwise.
• Updated CreateProvider, GetProvider, ListProviders, and UpdateProvider gRPC handlers to return redacted providers so responses do not include secret credential values.
• Added a unit test redact_provider_credentials_clears_only_credentials to verify that only the credentials map is cleared and other fields (id, name, type, config) are preserved.

Testing

• Ran cargo fmt --all --check, which completed successfully.
• Added and exercised the focused unit test redact_provider_credentials_clears_only_credentials via cargo test in this environment but the full build/test run became impractical due to long compile times and was interrupted.
• mise run pre-commit was attempted but blocked in this environment due to toolchain/version resolution and network trust issues (environment-specific, not code-related).

---

Codex Task

[github-actions]

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:

---

I have read the DCO document and I hereby sign the DCO.

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.}

[johntmyers]

Closing in favor of consolidated re-implementation. See #350 for tracking.