fix(security): remove semgrep blockers

[Nadav011]

Fix Semgrep blockers in app/_layout.tsx, SectionErrorBoundary.tsx, utils/storage.ts, and env.example.

Local verification: npm ci, npm run lint, npm run typecheck.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Warning

Rate limit exceeded

@Nadav011 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 15 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 4 minutes and 15 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 72c31785-7e5c-41f8-83b5-781ac4c0ee49

📥 Commits

Reviewing files that changed from the base of the PR and between cace2ff and ed06026.

📒 Files selected for processing (4)

• app/_layout.tsx
• components/ui/SectionErrorBoundary.tsx
• env.example
• utils/storage.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/security-semgrep-blockers

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR addresses Semgrep/security scan blockers by removing potentially sensitive or injectable content from logs and eliminating a real Supabase anon key from the example env file.

Changes:

• Replace interpolated/error-string console logging with structured logging objects in a few hotspots.
• Remove the real EXPO_PUBLIC_SUPABASE_ANON_KEY from env.example and replace it with a placeholder.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
utils/storage.ts	Switches storage error logging to structured output (constant message + metadata).
components/ui/SectionErrorBoundary.tsx	Switches section error boundary logging to structured output to avoid interpolated strings.
app/_layout.tsx	Switches store-init warning logging to structured output in __DEV__ only.
env.example	Replaces a real Supabase anon key with a placeholder value.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.