fix: avoid leaking original payloads in sanitization errors #279

@ioncache

Problem

When sanitization fails unexpectedly, sanitizeData wraps the failure in DataSanitizationError and includes originalData in error.details. For a sanitization library intended to make data safe for logging or external exposure, retaining the raw payload in an error object is risky, especially because the README example demonstrates logging error.details.

Observed behavior

After yarn build, probing the built package showed that this input throws and preserves the unsanitized object in error details:

sanitizeData({ password: 'abc"def', username: 'mark' });

Observed result:

DataSanitizationError: Error parsing data
error.details.originalData.password === 'abc"def'

The escaped quote causes the regex-sanitized JSON to fail parsing, and the wrapper keeps the original secret-bearing payload.

Expected behavior

Sanitization errors should not expose raw caller payloads by default. Error details should be limited to safe metadata, sanitized summaries, or generic failure information.

Relevant files

  • src/index.ts — unexpected errors are wrapped with { error, originalData: data }.
  • src/errors.ts — custom error preserves arbitrary details.
  • README.md — error-handling example logs error.details.
  • test/index-errors.test.ts — add regression coverage that error details do not include raw sensitive payloads.

Acceptance criteria

  • DataSanitizationError thrown by sanitizeData never includes raw sensitive input data in public details.
  • Error details remain useful enough for debugging without exposing payload values.
  • README error-handling example is updated to avoid encouraging logging raw details.
  • Add regression tests covering parse failure/error wrapping with sensitive input.
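
Added example, not part of the original issue or the library's code: a sketch of the regression check the acceptance criteria ask for, comparing the `{ error, originalData: data }` details shape against metadata-only details. The names `maskWithRegex`, `wrap`, `rawDetails`, `safeDetails`, `leaks` and `SanitizationError` are hypothetical, and the masking regex is a constructed stand-in that fails on the same input, not the library's actual pattern.

```typescript
// Added illustration with hypothetical names; not the library's source.
type Details = Record<string, unknown>;
type DetailsBuilder = (data: unknown, cause: unknown) => Details;
class SanitizationError extends Error {
  details: Details;
  constructor(message: string, details: Details) {
    super(message);
    this.name = 'SanitizationError';
    this.details = details;
  }
}

// Constructed stand-in for a regex-based masker. The pattern stops at the
// first quote, so an escaped quote in the value leaves invalid JSON behind.
function maskWithRegex(data: unknown): unknown {
  const json = JSON.stringify(data);
  return JSON.parse(json.replace(/"password":"[^"]*"/g, '"password":"***"'));
}

// Shape described in the issue: the raw payload rides along with the error.
const rawDetails: DetailsBuilder = (data, cause) => ({ error: cause, originalData: data });
// Metadata only: no values, and no cause message, since JSON.parse messages
// can quote a slice of the text that failed to parse in some runtimes.
const safeDetails: DetailsBuilder = (data, cause) => ({
  reason: 'parse_failure',
  causeName: cause instanceof Error ? cause.name : typeof cause,
  inputType: Array.isArray(data) ? 'array' : typeof data,
  keyCount: typeof data === 'object' && data !== null ? Object.keys(data).length : 0,
});

function wrap(data: unknown, build: DetailsBuilder): unknown {
  try {
    return maskWithRegex(data);
  } catch (cause) {
    throw new SanitizationError('Error parsing data', build(data, cause));
  }
}

// Regression check: does the secret appear in what a logger would emit?
function leaks(build: DetailsBuilder, data: unknown, secret: string): boolean {
  try {
    wrap(data, build);
    return false;
  } catch (err) {
    const e = err as SanitizationError;
    const logged = JSON.stringify([e.message, e.details]);
    // Compare against the JSON-escaped form, since the log text is JSON.
    return logged.indexOf(JSON.stringify(secret).slice(1, -1)) !== -1;
  }
}
```

Searching the serialized error for the JSON-escaped secret matters here: a plain substring search for `abc"def` would miss the escaped form `abc\"def` and pass even when the payload is present.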
