fix: Sanitize string error messages to prevent sensitive data leakage

The string error handling path was creating Error objects directly
from unsanitized input, which could leak API keys, tokens, or URLs.

Now sanitizes the string before creating both Error.message and
errorDetails.message fields, preserving the existing type structure
while ensuring no sensitive data can leak through string errors.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
leex279
2025-09-06 22:55:55 +02:00
parent faf5ece88e
commit 9c85295356

@@ -121,10 +121,11 @@ export function parseKnowledgeBaseError(error: any): EnhancedError {
}
if (typeof error === 'string') {
return Object.assign(new Error(error), {
const sanitizedMessage = sanitizeMessage(error);
return Object.assign(new Error(sanitizedMessage), {
errorDetails: {
error: 'api_error',
message: error,
message: sanitizedMessage,
error_type: 'api_error' as const
}
}) as EnhancedError;
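
Review bot: The `sanitizeMessage(error)` call added in the `typeof error === 'string'` branch is not covered by any test in this diff, and its definition is outside the hunk, so the commit message's claim that API keys, tokens and URLs are removed cannot be checked from these lines. Please add a unit test that passes a string containing a token-like value and a URL to `parseKnowledgeBaseError` and asserts that both `message` on the returned Error and `errorDetails.message` come back redacted. Since `error` is typed `any`, it would also help to confirm how `sanitizeMessage` behaves on an empty string, so that `new Error(sanitizedMessage)` never ends up with a blank message that hides the failure from the caller.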