Redact git credentials from logs

Git URLs with authentication tokens were leaking in logs during
clone operations. Added GitLogger wrapper to automatically sanitize
credentials from all log output.

Author: ghostwriternr

.changeset/new-students-accept.md

@@ -0,0 +1,5 @@
+---
+"@cloudflare/sandbox": patch
+---
+
+Redact credentials from Git URLs in logs

CLAUDE.md

@@ -34,7 +34,7 @@ The Cloudflare Sandbox SDK enables secure, isolated code execution in containers
    - `CodeInterpreter`: High-level API for running Python/JavaScript with structured outputs
    - `proxyToSandbox()`: Request handler for preview URL routing
 
-2. **`@repo/shared` (packages/shared/)** - Shared types and error system
+2. **`@repo/shared` (packages/shared/)** - Shared utilities
    - Type definitions shared between SDK and container runtime
    - Centralized error handling and logging utilities
    - Not published to npm (internal workspace package)

package-lock.json

@@ -1,5 +1,5 @@
 import type { Logger } from '@repo/shared';
-import { createLogger } from '@repo/shared';
+import { createLogger, GitLogger } from '@repo/shared';
 import { ExecuteHandler } from '../handlers/execute-handler';
 import { FileHandler } from '../handlers/file-handler';
 import { GitHandler } from '../handlers/git-handler';
@@ -96,6 +96,9 @@ export class Container {
     // Initialize SessionManager
     const sessionManager = new SessionManager(logger);
 
+    // Create git-specific logger that automatically sanitizes credentials
+    const gitLogger = new GitLogger(logger);
+
     // Initialize services
     const processService = new ProcessService(
       processStore,
@@ -108,7 +111,7 @@ export class Container {
       sessionManager
     );
     const portService = new PortService(portStore, securityAdapter, logger);
-    const gitService = new GitService(securityAdapter, logger, sessionManager);
+    const gitService = new GitService(securityAdapter, gitLogger, sessionManager);
     const interpreterService = new InterpreterService(logger);
 
     // Initialize handlers
@@ -117,7 +120,7 @@ export class Container {
     const fileHandler = new FileHandler(fileService, logger);
     const processHandler = new ProcessHandler(processService, logger);
     const portHandler = new PortHandler(portService, logger);
-    const gitHandler = new GitHandler(gitService, logger);
+    const gitHandler = new GitHandler(gitService, gitLogger);
     const interpreterHandler = new InterpreterHandler(
       interpreterService,
       logger