🟡 Secret path logged unmasked in PushEnvToSecretsCommandHandler despite masking in PushSingleCommandHandler #131

@macalbert

Description

The PR #90 introduces EnvironmentVariable.maskSecretPath() (src/envilder/domain/EnvironmentVariable.ts:58-60) and applies it consistently in PushSingleCommandHandler (src/envilder/application/pushSingle/PushSingleCommandHandler.ts:24,35), AwsSsmSecretProvider (src/envilder/infrastructure/aws/AwsSsmSecretProvider.ts:39), and AzureKeyVaultSecretProvider (src/envilder/infrastructure/azure/AzureKeyVaultSecretProvider.ts:36).

However, PushEnvToSecretsCommandHandler.pushParameter logs the secret path unmasked on line 158, leaking the full path (e.g., /myapp/prod/db-password) in log output during bulk push operations. This is inconsistent with the masking intent established by the other handlers in this same PR.

      `Pushed ${keysDescription}=${envVariable.maskedValue} to secret store at path ${EnvironmentVariable.maskSecretPath(secretPath)}`,

Originally posted by @devin-ai-integration[bot] in #90 (comment)
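
A regression check for the leak described in this issue, as an added example that is not envilder's own code: it records the log lines from a simplified bulk push and reports any line that still contains a raw secret path. The `maskSecretPath` policy, the recording logger, `pushAll` and the sample paths are assumptions made for illustration.

```typescript
interface Logger { info(message: string): void }
interface Mapping { key: string; secretPath: string }

// Hypothetical masking policy (assumption): hide all but the last 3 characters.
// The real EnvironmentVariable.maskSecretPath() is not shown in the issue.
function maskSecretPath(path: string): string {
  return path.length <= 3 ? "***" : `***${path.slice(-3)}`;
}

// Test double that records every log line instead of printing it.
function createRecordingLogger(): Logger & { lines: string[] } {
  const lines: string[] = [];
  return { lines, info: (message: string) => { lines.push(message); } };
}

// Simplified bulk push (hypothetical): one log line per variable,
// with or without masking of the secret path.
function pushAll(mappings: Mapping[], logger: Logger, maskPath: boolean): void {
  for (const { key, secretPath } of mappings) {
    const shownPath = maskPath ? maskSecretPath(secretPath) : secretPath;
    logger.info(`Pushed ${key}=*** to secret store at path ${shownPath}`);
  }
}

// Returns every log line that still contains one of the raw secret paths.
function findPathLeaks(lines: string[], secretPaths: string[]): string[] {
  return lines.filter((line) =>
    secretPaths.some((path) => line.indexOf(path) !== -1));
}

// Constructed sample input (variable name -> secret path).
const sampleMappings: Mapping[] = [
  { key: "DB_PASSWORD", secretPath: "/myapp/prod/db-password" },
  { key: "API_KEY", secretPath: "/myapp/prod/api-key" },
];

// Runs the bulk push and returns the leaking log lines, if any.
function leaksFor(maskPath: boolean): string[] {
  const logger = createRecordingLogger();
  pushAll(sampleMappings, logger, maskPath);
  return findPathLeaks(logger.lines, sampleMappings.map((m) => m.secretPath));
}
```

A check like `leaksFor` can run against every handler that logs a secret path, so a handler that skips the masking call fails the test suite instead of being found in review.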

Labels: enhancement (New feature or request)