fix(security): remove full traceback from cron error output to prevent info leakage

[memosr]

What does this PR do?

When a cron job fails, the error output sent to the delivery platform
includes the full Python traceback:

# Before (leaks internal info)
## Error

{error_msg}

{traceback.format_exc()}

A full traceback exposes:

• Internal file paths (e.g. /home/user/.hermes/...)
• Python library versions
• System architecture details
• Internal function call stack

This information is delivered to the configured platform (Telegram,
Discord, Slack, etc.) and could be seen by unintended recipients or
used by an attacker to fingerprint the system.

Fix

Removed traceback.format_exc() from the delivered output. The
error_msg (the exception message itself) is still included — it
provides enough context for the user to understand what went wrong
without leaking internal system details.

# After (safe)
## Error

{error_msg}

Type of Change

• 🔒 Security fix (information leakage)

Checklist

• Read the Contributing Guide
• Commit messages follow Conventional Commits
• Error message still delivered for user debugging
• Full traceback still available in local logs for developers

[trevorgordon981]

Intent is correct — delivering full tracebacks to Telegram/Discord/Slack bleeds internal paths, library versions, and call stacks to recipients who may not be operators. The user's PR description flags the right concern.

But the claim "Full traceback still available in local logs for developers" doesn't match what this PR does.

Looking at the surrounding code:

except Exception as e:
    error_msg = f"{type(e).__name__}: {str(e)}"
    logger.error("Job '%s' failed: %s", job_name, error_msg)  # <-- only error_msg
    # ...
    output = f"... {error_msg} ...{traceback.format_exc()}"  # <-- was here

The only existing log call is logger.error(..., error_msg) which logs the exception type + message, NOT the traceback. Before this PR, the traceback was delivered to the user as output. After this PR, the traceback is gone entirely — not in logs, not in delivery.

Operators debugging cron job failures lose their primary diagnostic trail. A cron error report saying KeyError: 'foo' with no traceback is an incomplete bug report.

Fix: swap logger.error for logger.exception (or logger.error(..., exc_info=True)).

except Exception as e:
    error_msg = f"{type(e).__name__}: {str(e)}"
    logger.exception("Job '%s' failed", job_name)  # logs traceback to log file
    # ... deliver only error_msg in output (this PR's fix)

logger.exception() automatically includes the full traceback in the log record, which operators can grep for. Users on the delivery platform get the sanitized error_msg only.

Dead import.

import traceback on line 18 is the only use that existed. After this PR, the import is unused. Ruff/flake8 should flag it. Drop the import or use it for the logger fix above.

Minor — audit for other traceback leaks.

The PR fixes this specific delivery path, but are there other places where cron job errors get formatted into user-facing output? Worth a grep across the cron scheduler and delivery pipeline to make sure this isn't a whack-a-mole situation.

Summary: ship the delivery fix, but pair it with logger.exception() so the traceback is preserved in logs. Otherwise this is an operational regression wearing a security-fix hat.

[teknium1]

Merged via PR #5288 (consolidated bugfix salvage). Your commit(s) were cherry-picked onto current main with your authorship preserved in git log. Thanks @memosr for the fix!