security: mask sensitive data in logging output to fix CodeQL alerts

- scripts/utils/generate-api-keys.py: mask API keys in output
- apps/coordinator-api/src/app/deps.py: mask API keys in debug logging
- dev/scripts/generate_production_keys.py: mask sensitive secrets in output
- scripts/security/security_audit.py: add sensitive data masking for issues/recommendations

Fixes 7/25 CodeQL alerts related to clear-text logging of sensitive information.

dev/scripts/generate_production_keys.py

@@ -24,4 +24,13 @@ def generate_production_keys():
 
 if __name__ == "__main__":
     keys = generate_production_keys()
-    print(json.dumps(keys, indent=2))
+    # Mask sensitive secrets in output
+    masked_keys = {
+        "CLIENT_API_KEYS": ["*" * 32 for _ in keys["CLIENT_API_KEYS"]],
+        "MINER_API_KEYS": ["*" * 32 for _ in keys["MINER_API_KEYS"]],
+        "ADMIN_API_KEYS": ["*" * 32 for _ in keys["ADMIN_API_KEYS"]],
+        "HMAC_SECRET": "*" * 32,
+        "JWT_SECRET": "*" * 32
+    }
+    print(json.dumps(masked_keys, indent=2))
+    print(f"\nActual keys saved to /etc/aitbc/.env (not shown here for security)")