security(network): sanitize internal state in error messages (TM-INF-016)

[chaliy]

Problem

TM-INF-016 is documented as OPEN in the threat model. Multiple error paths leak host-internal details to the sandbox guest:

1. error.rs:38 — wraps std::io::Error via #[from], which can include real host filesystem paths
2. network/client.rs:224 — wraps reqwest::Error which can contain resolved IPs, TLS negotiation details, DNS info
3. git/client.rs — includes VFS paths and remote URLs in errors
4. scripted_tool/execute.rs:323 — uses {:?} (Debug format) while BashTool uses error_kind() — inconsistent

Attack scenario

A script running inside the sandbox triggers an error (e.g. curl to an unreachable host, or a filesystem operation on a RealFs mount). The raw error message reveals host-internal information (real paths, resolved IPs) that the sandbox should hide.

Expected behavior

All errors surfaced to the guest should use consistent Display format with sanitized messages. External library errors (std::io, reqwest) should be wrapped to strip host-specific details.

Suggested approach

• Wrap std::io::Error with path sanitization (strip real FS prefixes)
• Wrap reqwest::Error to redact resolved IPs and TLS details
• Use Display consistently, never Debug ({:?}) for guest-facing errors
• Add tests that verify error messages from network failures and FS errors don't contain host paths or IPs

References

• Threat model: specs/006-threat-model.md lines 403, 418-422
• Inspired by just-bash #143 and #160 which did similar error sanitization