
[SECURITY] Add sanitized command preview before scan execution #35

@utksh1

Summary

Show users a sanitized preview of the generated scanner command before they queue a scan.

Problem

Dynamic plugin command templates can be difficult to reason about. Users should be able to see what SecuScan is about to run, while secrets and sensitive values remain redacted.

Proposed solution

Add a command-preview step or panel in the scan configuration flow.

Expected behavior:

  • Build a preview from plugin metadata and current form inputs.
  • Redact secrets, tokens, passwords, cookies, authorization headers, and vault references.
  • Highlight missing/invalid fields before command generation.
  • Clearly mark the preview as local/sanitized and not a copy-paste guarantee if runtime normalization changes values.

Acceptance criteria

  • Users can preview the generated command before starting a scan.
  • Sensitive fields are redacted in the preview.
  • Preview updates when form inputs change.
  • Scan submission behavior remains unchanged.
  • Tests cover redaction and at least one generated preview case.

Suggested files

  • frontend/src/pages/ToolConfig.tsx
  • frontend/src/api.ts
  • backend/secuscan/plugins.py or a new preview endpoint if backend generation is preferred
  • frontend/testing/unit/pages/ToolConfigDynamic.test.tsx
  • Backend tests if adding an API endpoint

Test plan

  • Run frontend typecheck and tests.
  • Verify a plugin with normal inputs shows a preview.
  • Verify sensitive inputs are redacted.
  • Verify starting a scan still sends the original inputs, not the redacted preview.
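The behaviour the acceptance criteria and test plan ask for, as an added TypeScript sketch that is not SecuScan's own code: a template renderer that substitutes form inputs into plugin command tokens, redacts sensitive values, reports empty required fields, and leaves the original inputs untouched. The type names, the `{{field}}` placeholder syntax and the sample plugin are assumptions.

```typescript
// Added example (not SecuScan's own code): build a sanitized command preview from a
// plugin command template and the current form inputs. All names below are assumptions.
export interface PluginField {
  name: string;
  required: boolean;
  sensitive?: boolean; // plugin metadata may flag a field explicitly
}
export interface PreviewResult {
  preview: string;   // what the user sees; never contains secret values
  missing: string[]; // required fields the form has not filled in yet
}
// Names treated as sensitive even when plugin metadata does not flag them.
const SENSITIVE_NAME = /(token|secret|passw|cookie|authorization|api[_-]?key)/i;
// Vault references are never echoed, whatever the field is called.
const VAULT_REF = /^vault:\/\//i;
function isSensitive(name: string, value: string, field?: PluginField): boolean {
  return field?.sensitive === true || SENSITIVE_NAME.test(name) || VAULT_REF.test(value);
}
// Substitutes each {{field}} placeholder. Sensitive values render as <redacted:name>;
// empty required fields are reported in `missing` rather than guessed. `inputs` is
// never modified, so scan submission still uses the original values.
export function buildPreview(
  template: string[], fields: PluginField[], inputs: Record<string, string>,
): PreviewResult {
  const byName = new Map(fields.map((f) => [f.name, f] as [string, PluginField]));
  const missing: string[] = [];
  const rendered = template.map((token) =>
    token.replace(/\{\{(\w+)\}\}/g, (_m: string, name: string) => {
      const field = byName.get(name);
      const value = inputs[name] ?? "";
      if (value === "") {
        if (field?.required) missing.push(name);
        return `<missing:${name}>`;
      }
      return isSensitive(name, value, field) ? `<redacted:${name}>` : value;
    }),
  );
  return { preview: rendered.join(" "), missing };
}
// Constructed sample plugin (not a real SecuScan plugin) for trying the preview.
export const SAMPLE_TEMPLATE = ["nmap", "-p", "{{ports}}", "--script-args",
  "token={{api_token}}", "--creds", "{{creds}}", "{{target}}"];
export const SAMPLE_FIELDS: PluginField[] = [
  { name: "target", required: true }, { name: "ports", required: false },
  { name: "api_token", required: true, sensitive: true }, { name: "creds", required: false },
];
export const SAMPLE_INPUTS: Record<string, string> = {
  ports: "80,443", api_token: "sk-test-CONSTRUCTED", creds: "vault://scanner/basic",
};
```

With the sample inputs the preview reads `nmap -p 80,443 --script-args token=<redacted:api_token> --creds <redacted:creds> <missing:target>` and `missing` is `["target"]`, while `SAMPLE_INPUTS` still holds the real values for submission.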

Labels

  • area:frontend: Frontend React/UI work
  • area:security: Security-sensitive implementation or tests
  • level:advanced: 55 pts difficulty label for advanced contributor PRs
  • priority:high: High-priority issue
  • type:feature: Feature work category bonus label
  • type:security: Security work category bonus label
