security: Internal error details exposed to API clients

[nfebe]

Problem

Multiple API endpoints return raw err.Error() in JSON responses:

c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})

Found at lines ~903, 918, 923, 1500, 2028, and many others in internal/api/server.go.

This leaks internal paths, database structures, Docker error details, and system information to any API caller.

Impact

Information disclosure that aids attackers in mapping the system internals.

Proposed Fix

• Log detailed errors server-side with a correlation ID
• Return generic error messages to clients: {"error": "internal error", "id": "abc123"}
• Create an error mapping layer that translates known errors to safe user-facing messages