fix: improve opencode session diagnostics

[huilang021x]

Summary

• What changed: enrich session.create no-id errors with sanitized OpenCode baseUrl and a redacted response summary.
• Why: make failures like { error: {}, request: { timeout: false } } actionable without exposing credentials.
• Current phase: ready for review at head 599e7ac.

Scope

• In scope: OpenCode v2 client diagnostics for transient session creation failures; regression tests for URL sanitization and sensitive-field redaction.
• Out of scope: changing noReply behavior, retry logic, plugin initialization flow, or provider selection.
• Risk level: low; only affects error reporting when session.create returns no session id.

Deployment Targets

• Impacted services: opencode-mem plugin runtime.
• Restart/deploy needed: users receive this after a package release/update; no server migration required.
• Target environment: local OpenCode plugin usage.
• Rollback note: revert commit 599e7ac.

Acceptance Plan

• Acceptance criteria: no-id session.create errors include safe diagnostics; sensitive fields are redacted; valid base URLs omit userinfo/query/fragment; existing structured-output behavior remains unchanged.
• Evidence to collect: unit tests and full test suite output.
• Required checks: repository CI.
• Manual verification needed: not required beyond review/CI.

Validation

• Commands run:
  • bun test tests/opencode-provider.test.ts
  • bun run typecheck
  • bun run format:check
  • bun test
  • bun run build
• Result: all passed locally; targeted test suite reported 12 pass / 0 fail; full suite reported 157 pass / 0 fail.
• Evidence links/log snippets: local command output from this branch before PR creation.

[huilang021x]

@codex please review this PR when you have a chance.

Context: this improves diagnostics when OpenCode session.create returns no session id, including sanitized base URL and redacted response details.

[huilang021x]

@codex review 599e7ac