fix(oauth2): redact sensitive auth material in debug request logs

[coderabbitai]

Summary

The OAuth2 debug logging path (using the debug('oauth2') calls) logs the full requestConfig and data objects verbatim, which includes sensitive client authentication material:

• Authorization: Basic <base64(client_id:client_secret)> for client_secret_basic
• client_secret in the form body for client_secret_post
• Signed client_assertion JWTs for client_secret_jwt / private_key_jwt (widened by PR feat(oauth2): full set of token-endpoint client authentication methods (RFC 7591 / 7523 / 8705) #8051)

The leak pre-existed this PR for the first two cases; PR #8051 added JWT assertions to the set of material flowing through the same path.

Proposed fix

Add a redaction helper that, before the debug log is built, creates sanitized shallow clones of requestConfig.headers and the form data object, replacing sensitive keys (Authorization, client_secret, client_assertion, client_assertion_type) with a [REDACTED] placeholder. The original objects must remain unchanged so the actual HTTP request continues to send real credentials.

Apply the helper in both:

• packages/bruno-requests/src/auth/oauth2-helper.ts (around the debug('oauth2')('> request') call)
• packages/bruno-electron/src/utils/oauth2.js (matching log site)

References

• PR feat(oauth2): full set of token-endpoint client authentication methods (RFC 7591 / 7523 / 8705) #8051 — comment: feat(oauth2): full set of token-endpoint client authentication methods (RFC 7591 / 7523 / 8705) #8051 (comment)
• Requested by: @jattsson

[coderabbitai]

🔗 Related PRs

#6164 - fix: get certs and proxy config based on oauth2 token and refresh urls instead of resource url [merged]
#6186 - fix: handle optional clientSecret in OAuth2 authorization header [merged]
#6263 - fix: OAuth2 Basic Auth header encoding for special characters [merged]
#6565 - fix: oauth setup component colors [merged]
#6675 - fix: auth in cli [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!