
fix(agent): redact secrets from assistant output #21044

Open
LeonSGP43 wants to merge 1 commit into NousResearch:main from LeonSGP43:fix/redact-agent-output-20785


LeonSGP43 (Contributor) commented May 7, 2026

Summary

  • force existing secret redaction at assistant output boundaries even when general log redaction is disabled
  • redact streamed deltas, interim assistant commentary, reasoning callbacks, stored assistant content/reasoning, and iteration-limit summaries
  • add focused regressions for visible output, reasoning output, interim callbacks, and stored assistant messages

Why This Matters

Issue #20785 reports systemic secret leakage in assistant-visible output paths. This PR keeps the response scoped to that boundary: force redaction on streamed deltas, interim commentary, reasoning callbacks, persisted assistant content, and iteration-limit summaries even when broader log-redaction settings are off.

Verification

  • scripts/run_tests.sh tests/run_agent/test_agent_output_redaction.py
  • scripts/run_tests.sh tests/run_agent/test_agent_output_redaction.py tests/cli/test_reasoning_command.py::TestReasoningDeltasFiredFlag tests/run_agent/test_run_agent_codex_responses.py::test_stream_delta_strips_leaked_memory_context tests/run_agent/test_run_agent_codex_responses.py::test_stream_delta_strips_leaked_memory_context_across_chunks tests/run_agent/test_run_agent_codex_responses.py::test_interim_commentary_is_not_marked_already_streamed_without_callbacks tests/run_agent/test_run_agent_codex_responses.py::test_interim_commentary_is_not_marked_already_streamed_when_stream_callback_fails tests/run_agent/test_run_agent_codex_responses.py::test_interim_commentary_preserves_assistant_content
  • scripts/run_tests.sh tests/agent/test_redact.py tests/run_agent/test_agent_output_redaction.py
  • python -m py_compile run_agent.py tests/run_agent/test_agent_output_redaction.py
  • git diff --check

Closes #20785
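The chunk-boundary problem behind the "streamed deltas" item in the summary above, as an added example that is not code from this PR or from the project. The token patterns, `StreamRedactor` and `redact_stream` are hypothetical names chosen for illustration, and the key in the sample is a constructed fake.

```python
import re

# Illustrative token shapes only (assumption); not the project's redaction rules.
SECRET_RE = re.compile(r"\b(?:sk-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36})")
MASK = "[REDACTED]"

# Constructed sample: one fake key split across three streamed deltas.
SAMPLE_DELTAS = ["The key is sk-A1b2C3", "d4E5f6G7h8I9j0", "K1l2 and it works", "."]


def redact(text: str) -> str:
    """Mask every complete secret-shaped token in text."""
    return SECRET_RE.sub(MASK, text)


class StreamRedactor:
    """Redacts streamed deltas without leaking secrets split across chunks.

    The trailing run of non-whitespace characters is held back until
    whitespace (or flush) shows the token is complete, so a prefix of a
    secret never reaches the caller unredacted.
    """

    def __init__(self) -> None:
        self._pending = ""

    def feed(self, delta: str) -> str:
        self._pending += delta
        # Find the last whitespace character; everything up to it is complete.
        last_ws = re.search(r"\s(?=\S*\Z)", self._pending)
        if last_ws is None:
            return ""  # still inside one token; emit nothing yet
        cut = last_ws.end()
        ready, self._pending = self._pending[:cut], self._pending[cut:]
        return redact(ready)

    def flush(self) -> str:
        """Call at end of stream to release the held-back tail."""
        tail, self._pending = self._pending, ""
        return redact(tail)


def redact_stream(deltas):
    """Run an iterable of deltas through StreamRedactor; return emitted pieces."""
    redactor = StreamRedactor()
    pieces = [redactor.feed(d) for d in deltas]
    pieces.append(redactor.flush())
    return [p for p in pieces if p]
```

Redacting each delta on its own misses this key because no single chunk contains a full match; the cost of holding back the tail is that a long token is displayed only once the whitespace after it arrives.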

alt-glitch added labels on May 7, 2026: type/security (Security vulnerability or hardening); P1 (High — major feature broken, no workaround); comp/agent (Core agent loop, run_agent.py, prompt builder)
LeonSGP43 (Contributor, Author) commented

Packaging follow-up as of 2026-05-07.

  • This PR remains narrowly scoped to #20785: force secret redaction at assistant-output boundaries even when broader log redaction is disabled.
  • The body already lists the relevant changed-area verification for the redaction paths, including the focused redaction suites, the reasoning callback coverage, python -m py_compile, and git diff --check.
  • Lint (ruff + ty) is red for workflow reasons, not because Ruff found a new blocker in this diff: the job completed its analysis and then failed when its PR-comment step tried to post to the issue with 403 Resource not accessible by integration.
  • The red GitHub Tests / test run (25477914181) failed in a broad ACP/gateway/CLI/tooling set rather than one of the targeted redaction regressions listed in the PR body. I have not reproduced a redaction-specific regression from this diff.


Development

Successfully merging this pull request may close these issues.

Credential leakage in agent output: systemic failure to redact secrets in chat and reasoning blocks
