[executor] TxBuilder derives Debug over PrivateKeySigner — private key leak via tracing #158

@obchain

Description

PR: #41 (feat/executor: transaction builder + eth_call simulator)
File: crates/charon-executor/src/builder.rs
Refs #41

Problem

TxBuilder is declared as:

#[derive(Debug, Clone)]
pub struct TxBuilder {
    signer: PrivateKeySigner,
    chain_id: u64,
    liquidator: Address,
}

PrivateKeySigner wraps a k256::ecdsa::SigningKey. k256's Debug impl outputs the signing key scalar. Any call to {:?} or {:#?} on a TxBuilder — or on any struct that embeds one and also derives Debug — will serialize the private key to the tracing subscriber, stderr, or any log sink.

Concrete paths where this fires:

  • tracing::debug!("{:?}", builder) added by a future developer.
  • A test assertion failure printing assert_eq!(left, right) where either side is a TxBuilder.
  • A panic handler that formats the value with {:#?}.

Impact

Hot wallet private key exposed to any log sink (stdout, file, remote collector). This is a critical secret leak.

CLAUDE.md clause

"Secrets (private keys, API tokens) never go into the repo." The same principle extends to runtime log output.

Fix

Remove Debug from the derive list. Implement Debug manually and redact the signer field:

use std::fmt;

impl fmt::Debug for TxBuilder {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("TxBuilder")
            // Never forward to the signer's Debug; print a fixed marker instead.
            .field("signer", &"[redacted]")
            .field("chain_id", &self.chain_id)
            .field("liquidator", &self.liquidator)
            .finish()
    }
}
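An added, self-contained illustration of the before/after shapes described in this issue (not code from the charon repository): `PrivateKeySigner` and the `Address` type are replaced by stand-ins (a mock whose Debug prints the scalar, as the issue says the real one does, and a `[u8; 20]`), and `contains_secret_bytes` is a hypothetical helper that can double as a regression test against the leak.

```rust
use std::fmt;

/// Stand-in for alloy's PrivateKeySigner (assumption: the real type, via k256's
/// SigningKey, prints the scalar in its Debug output; this mock reproduces that).
#[derive(Clone)]
pub struct PrivateKeySigner { secret: [u8; 32] }

impl fmt::Debug for PrivateKeySigner {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("PrivateKeySigner").field("secret", &self.secret).finish()
    }
}

/// Pre-fix shape from the issue: derived Debug forwards to the signer's Debug.
#[derive(Debug, Clone)]
#[allow(dead_code)]
pub struct LeakyTxBuilder { signer: PrivateKeySigner, chain_id: u64, liquidator: [u8; 20] }

/// Fixed shape: Debug is hand-written and never touches the signer.
#[derive(Clone)]
#[allow(dead_code)]
pub struct TxBuilder { signer: PrivateKeySigner, chain_id: u64, liquidator: [u8; 20] }

impl fmt::Debug for TxBuilder {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("TxBuilder")
            .field("signer", &"[redacted]")
            .field("chain_id", &self.chain_id)
            .field("liquidator", &self.liquidator)
            .finish()
    }
}

/// Detection helper (hypothetical): does the rendered Debug text contain the scalar
/// exactly as `{:?}` on a `[u8; 32]` prints it ("90, 90, ...")?
pub fn contains_secret_bytes(rendered: &str, secret: &[u8; 32]) -> bool {
    let seq = secret.iter().map(|b| b.to_string()).collect::<Vec<_>>().join(", ");
    rendered.contains(&seq)
}

/// Renders both shapes with `{:?}` and returns (leaky, fixed, secret).
pub fn render_both() -> (String, String, [u8; 32]) {
    let secret = [0x5au8; 32]; // constructed test value, not a real key
    let signer = PrivateKeySigner { secret };
    let leaky = LeakyTxBuilder { signer: signer.clone(), chain_id: 1, liquidator: [0u8; 20] };
    let fixed = TxBuilder { signer, chain_id: 1, liquidator: [0u8; 20] };
    (format!("{:?}", leaky), format!("{:?}", fixed), secret)
}
```

A unit test built on `render_both` and `contains_secret_bytes` catches a future developer re-adding `Debug` to the derive list.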

    Labels

  • bug: Something isn't working
  • layer:rust: Rust crates (core / scanner / protocols / executor / cli)
  • pr-review: Findings from PR review process
  • priority:p0-blocker: Blocks the critical path
  • status:ready: Scoped and ready to pick up