fix: Redact credentials in download task logs

[YQ-Wang]

Description

This change adds a debug-safe wrapper for Download messages logged by the dfdaemon gRPC download handlers.

DfdaemonDownload::download_task and DfdaemonUpload::download_task previously logged the full Download payload with {:?} at info level. That payload can include caller-provided credentials in object storage, HDFS, HuggingFace, ModelScope, and request-header fields.

The new RedactedDownload wrapper preserves the existing log shape while replacing sensitive values with ***REDACTED***.

Redacted fields include:

• object_storage.access_key_secret
• object_storage.session_token
• object_storage.security_token
• object_storage.credential_path
• hdfs.delegation_token
• hugging_face.token
• model_scope.token
• Sensitive request headers such as authorization, proxy-authorization, cookie, x-amz-security-token, x-oss-security-token, and API-key style headers

Unit tests cover structured credential redaction, request-header redaction, preservation of non-secret fields, and the final rendered Debug output.

Motivation and Context

When dfget passes object storage credentials to dfdaemon, dfdaemon currently logs the full Download message at info level. Since the generated protobuf Debug implementation prints all fields verbatim, secret access keys and session tokens can be written to dfdaemon logs.

This change keeps the operational value of the existing log message while preventing plaintext credentials from being persisted.

Test Plan

cargo test -p dragonfly-client grpc::debug

[codecov]

Codecov Report

❌ Patch coverage is 99.66216% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 44.17%. Comparing base (a3faedc) to head (1bdd0c6).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
dragonfly-client-util/src/types/redacted.rs	99.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1818      +/-   ##
==========================================
+ Coverage   43.59%   44.17%   +0.58%     
==========================================
  Files          92       93       +1     
  Lines       26933    27229     +296     
==========================================
+ Hits        11741    12029     +288     
- Misses      15192    15200       +8     

Files with missing lines	Coverage Δ
dragonfly-client/src/grpc/dfdaemon_download.rs	4.79% <ø> (ø)
dragonfly-client/src/grpc/dfdaemon_upload.rs	0.00% <ø> (ø)
dragonfly-client-util/src/types/redacted.rs	99.66% <99.66%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[BraveY]

LGTM