fix: stop leaking LLM error details to HTTP clients and WhatsApp users

Log full error details server-side with tracing::error! and return
generic messages to clients. Previously, the raw anyhow error chain
(which could include provider URLs, HTTP status codes, or partial
request bodies) was forwarded to end users.

Closes #59

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/gateway/mod.rs

@@ -302,7 +302,8 @@ async fn handle_webhook(
             (StatusCode::OK, Json(body))
         }
         Err(e) => {
-            let err = serde_json::json!({"error": format!("LLM error: {e}")});
+            tracing::error!("LLM error: {e:#}");
+            let err = serde_json::json!({"error": "Internal error processing your request"});
             (StatusCode::INTERNAL_SERVER_ERROR, Json(err))
         }
     }
@@ -405,8 +406,10 @@ async fn handle_whatsapp_message(State(state): State<AppState>, body: Bytes) ->
                 }
             }
             Err(e) => {
-                tracing::error!("LLM error for WhatsApp message: {e}");
-                let _ = wa.send(&format!("⚠️ Error: {e}"), &msg.sender).await;
+                tracing::error!("LLM error for WhatsApp message: {e:#}");
+                let _ = wa
+                    .send("Sorry, I couldn't process your message right now.", &msg.sender)
+                    .await;
             }
         }
     }

src/security/secrets.rs

@@ -241,7 +241,7 @@ fn hex_encode(data: &[u8]) -> String {
 
 /// Hex-decode a hex string to bytes.
 fn hex_decode(hex: &str) -> Result<Vec<u8>> {
-    if hex.len() % 2 != 0 {
+    if !hex.len().is_multiple_of(2) {
         anyhow::bail!("Hex string has odd length");
     }
     (0..hex.len())

src/tools/browser.rs

@@ -366,6 +366,7 @@ impl BrowserTool {
 }
 
 #[async_trait]
+#[allow(clippy::too_many_lines)]
 impl Tool for BrowserTool {
     fn name(&self) -> &str {
         "browser"