GSSA-2026-05-JHA9SZ2026-05-045.1 Medium
Bearer tokens and webhook signatures could leak to Sentry
Errors were reported to Sentry without a beforeSend filter, so any captured error carrying request metadata (Authorization headers, x-hub-signature-256, GitHub installation tokens, JWT bodies) could be serialized into Sentry events. Fixed by adding a recursive scrubber to the Sentry configuration of both the server and edge runtimes.
Sentry events could include OIDC bearer tokens, GitHub installation tokens, or webhook signatures because no scrubber was configured.
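The kind of recursive beforeSend scrubber this advisory describes, as an added example written for this page rather than the project's own fix. It assumes the Sentry JavaScript SDK's `beforeSend(event, hint)` hook, a hypothetical list of sensitive header names, value patterns for bearer tokens, GitHub `gh*_` tokens, JWTs and `sha256=` webhook signatures, and a constructed sample event; the `[Filtered]` marker is a choice made here, not an SDK constant. It uses no Node-only APIs so a single module can be imported from both the server and edge Sentry configs.

```javascript
// Added example: a recursive Sentry beforeSend scrubber. Not the project's
// own code. Pure JavaScript with no Node-only APIs, so one module can be
// imported by both the server and edge Sentry configs.

const REDACTED = "[Filtered]";

// Keys whose values are secret regardless of content (hypothetical list,
// compared lower-cased; extend for your application).
const SENSITIVE_KEYS = new Set([
  "authorization", "proxy-authorization", "cookie", "set-cookie",
  "x-hub-signature", "x-hub-signature-256", "x-api-key",
]);

// Value shapes that are secret wherever they appear, even inside a message.
const SENSITIVE_VALUE_PATTERNS = [
  /\bBearer\s+[A-Za-z0-9._~+\/=-]+/gi,                    // OIDC/OAuth bearer tokens
  /\bgh[pousr]_[A-Za-z0-9]{20,}\b/g,                      // GitHub tokens (ghs_ = installation)
  /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g, // JWTs: three base64url segments
  /\bsha256=[0-9a-f]{64}\b/gi,                            // GitHub webhook HMAC values
];

function isSensitiveKey(key) {
  const k = String(key).toLowerCase();
  // Exact matches plus common variants such as installationToken or apiSecret.
  return SENSITIVE_KEYS.has(k) || /token|secret|password|signature/.test(k);
}

function scrubString(s) {
  return SENSITIVE_VALUE_PATTERNS.reduce((acc, re) => acc.replace(re, REDACTED), s);
}

// Walks any JSON-like value and returns a scrubbed copy. `seen` holds the
// objects on the current path so a cyclic structure cannot recurse forever;
// `depth` caps pathological nesting. Non-plain objects (Date, Map) become {}.
function scrub(value, seen = new WeakSet(), depth = 0) {
  if (typeof value === "string") return scrubString(value);
  if (value === null || typeof value !== "object") return value;
  if (depth > 32) return "[Truncated]";
  if (seen.has(value)) return "[Circular]";
  seen.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => scrub(v, seen, depth + 1));
  } else {
    out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = isSensitiveKey(k) ? REDACTED : scrub(v, seen, depth + 1);
    }
  }
  seen.delete(value);
  return out;
}

// Sentry hook. Scrubbing the whole event (not only request.headers) also
// covers error messages, breadcrumbs and `extra` that embed a token.
function beforeSend(event, _hint) {
  return scrub(event);
}

// Constructed sample event in the shape the SDK passes to beforeSend.
// The token values below are made up for this example.
const SAMPLE_EVENT = {
  message: "webhook failed for token eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.abc123",
  request: {
    url: "https://example.invalid/api/webhooks/github", // hypothetical URL
    headers: {
      "content-type": "application/json",
      Authorization: "Bearer ghs_16C7e42F292c6912E7710c838347Ae178B4a",
      "x-hub-signature-256": "sha256=" + "a".repeat(64),
    },
  },
  extra: {
    installationToken: "ghs_16C7e42F292c6912E7710c838347Ae178B4a",
    nested: { list: [{ secret: "hunter2" }, "Bearer abc.def"] },
  },
};

// Returns the scrubbed sample event and prints it; the original is untouched.
function demo() {
  const out = beforeSend(SAMPLE_EVENT);
  console.log(JSON.stringify(out, null, 2));
  return out;
}

demo();
```

Wire the same function into `Sentry.init({ beforeSend })` in both the server and edge config; `beforeSend` only sees error events, so pass it to `beforeSendTransaction` as well if performance events carry request data, and keep `sendDefaultPii` off so headers and cookies are not attached in the first place. The name list and token patterns are a starting point: anything that only matches on key names will miss a secret that a developer logged under an innocuous key, which is why the value patterns run over every string in the event.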