Harden provider failure logging

[TheShnider]

Closes #38

[vercel]

@TheShnider is attempting to deploy a commit to the emrekayat's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@TheShnider Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[emrekayat]

Thanks for the provider failure logging hardening. I checked this against #38 and ran the targeted command:

• npm test --workspace @query402/api -- src/services/query-service.test.ts

I cannot merge it yet because the PR's own targeted tests currently fail:

• rejects unsafe scrape URLs at the service boundary fails its toBeInstanceOf(UnsafeScrapeUrlError) assertion after the new module mock/reset setup. This looks like a module-instance mismatch introduced by vi.resetModules() plus the top-level imported class.
• logs provider failures with safe metadata only expects [redacted-url], but the sanitizer currently redacts URLs to [redacted] in the final message because the later url|targetUrl replacement also matches the redacted URL label.

The implementation direction is good, but please make the targeted tests pass and keep the assertions aligned with the intended redaction tokens. After that I can re-run the same command plus the API typecheck.