.NET: sanitize redirectUrl for logs

[DeagleGross]

1. Sanitizing redirect url
2. Using redirect Url from the _basePath to not use input without validation

• The code builds clean without any errors or warnings
• The PR follows the Contribution Guidelines
• All unit tests pass, and I have added new tests where possible
• Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.

[Copilot]

Pull Request Overview

This PR adds security hardening to prevent log injection attacks by sanitizing the redirectUrl before logging. When redirecting requests to include a trailing slash, the URL is now sanitized to remove newline characters that could be used to inject malicious content into logs.

• Introduces a GeneratedRegex pattern to match and remove newline characters (\r\n)
• Changes the class to partial to support the source-generated regex
• Sanitizes the redirectUrl before logging to prevent log injection vulnerabilities

[ReubenBond]

I am not 100% sure on the right approach for sanitizing log lines. I think it's fine to just delete that log line, tbh. It's a false alarm anyway, because path == _basePath which is a constant and cannot contain newlines.

[DeagleGross]

I am not 100% sure on the right approach for sanitizing log lines. I think it's fine to just delete that log line, tbh. It's a false alarm anyway, because path == _basePath which is a constant and cannot contain newlines.

I also consider this a false alarm, but I think DevUI should have more logs, not less, to improve dev experience and debugging. That's why decided to leave it.

Decided to do the simple regex for now - we can improve later once we find out best practice for sanitization