fix(security): stop logging partial token values

[Mossaka]

Summary

• Remove format_token_value() from both C and Rust one-shot-token implementations which leaked the first 4 characters of sensitive tokens to stderr
• Replace with token length logging (length: N) which provides useful debug info without exposing secret material
• Update integration tests and documentation to match new log format

Details

The one-shot-token LD_PRELOAD library was logging partial token values like ghp_... and sk-a... when debug mode was enabled. While this only occurs with AWF_ONE_SHOT_TOKEN_DEBUG=1, CI environments capture stderr logs which persist for 90 days, creating an unnecessary exposure of token prefixes that reveal token type information.

Fixes #758

Test plan

• All 831 unit tests pass
• Lint passes (0 errors)
• Integration test assertions updated to expect (length: N) format
• Both C (one-shot-token.c) and Rust (src/lib.rs) implementations updated
• README examples updated

🤖 Generated with Claude Code

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.28%	82.42%	📈 +0.14%
Statements	82.25%	82.39%	📈 +0.14%
Functions	82.60%	82.60%	➡️ +0.00%
Branches	74.43%	74.52%	📈 +0.09%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	83.0% → 83.6% (+0.55%)	82.4% → 82.9% (+0.53%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts