
fix: remove secrets, PII, response bodies from prod logs; preserve stack traces. #226

Open

joemocode-business wants to merge 3 commits into main from loggingRevisions

Conversation


@joemocode-business joemocode-business commented Apr 15, 2026

I found secrets, PII, and external API response bodies reachable via console.error/console.warn in production in certain cases. This commit removes these. I also improved some of the errors that lacked stack traces, usually when we catch and return rather than relying on the catch-all error handler. This audit relies on properly setting WARN + here: #224

Secrets removed:

  • aurora-portal.ts -- four assert() messages included JSON.stringify(data) containing accessKeySecret (Aurora S3 credentials). Exposed in the CreateAccessKey Lambda log stream on assertion failure.
  • aurora-backoffice.ts -- two throw new Error() messages included JSON.stringify(data) containing token (Aurora API key). Exposed in the AuroraTenantSetup Lambda log stream via the catch-all error handler.

PII removed:

  • confirm-org.ts -- console.error logged user email on billing trial failure. Exposed in the ConfirmOrg Lambda log stream.

Stack traces preserved:

  • 15 console.error/console.warn calls across handlers, middleware, and jobs were logging (err as Error).message, discarding the stack trace. Changed to log the full error object.

Log level corrections:

  • 10 handlers logged "Aurora tenant setup is not complete" at console.error. Downgraded to console.warn, but I can be convinced to roll this back to error since it should be unlikely to happen.
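The two fixes described in the PR, redacting credential fields before they reach an assert/throw message and logging the Error object so the stack survives, as an added example that is not code from PR #226 or this project; the key list, helper names and sample response are assumptions.

```typescript
// Added example (not from PR #226): keep credential values out of assert/throw
// messages and log Error objects so the stack survives. Key list is assumed.
const SENSITIVE_KEYS = new Set(["accessKeySecret", "token", "email"]);

// Deep-copies a value, replacing every sensitive field's value with a marker.
function redact(value: unknown): unknown {
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SENSITIVE_KEYS.has(k) ? "[REDACTED]" : redact(v);
    }
    return out;
  }
  return value;
}

// Replacement for `assert(cond, JSON.stringify(data))`: the message still
// shows the response shape, but never the secret values.
function assertRedacted(cond: unknown, data: unknown, what: string): asserts cond {
  if (!cond) throw new Error(`${what}: ${JSON.stringify(redact(data))}`);
}

// `(err as Error).message` drops the stack; passing the Error itself keeps it.
function describeForLog(err: unknown): { message: string; stack?: string } {
  return err instanceof Error ? { message: err.message, stack: err.stack } : { message: String(err) };
}

// Constructed sample shaped like a credential response; all values are fake.
const sampleResponse = {
  tenant: "t-123",
  credentials: { accessKeyId: "EXAMPLE-KEY-ID", accessKeySecret: "fake-secret-value" },
  owner: { email: "person@example.com" },
};

// Exercises the failing-assertion path and reports what a log line would contain.
function demo(): { leaked: boolean; shapeKept: boolean; stackKept: boolean } {
  let message = "";
  let stackKept = false;
  try {
    assertRedacted(false, sampleResponse, "unexpected CreateAccessKey response");
  } catch (err) {
    const entry = describeForLog(err);
    message = entry.message;
    stackKept = typeof entry.stack === "string" && entry.stack.includes(" at ");
  }
  return {
    leaked: message.includes("fake-secret-value") || message.includes("person@example.com"),
    shapeKept: message.includes("accessKeyId") && message.includes("[REDACTED]"),
    stackKept,
  };
}
```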

@joemocode-business joemocode-business marked this pull request as ready for review April 15, 2026 23:21
