Features improvements

[iazaran]

Description

This PR hardens TraceReplay for production usage by fixing database portability issues in dashboard stats, improving sensitive data masking, and reducing unnecessary tracing overhead for sampled-out requests.

It also adds regression coverage for PostgreSQL-compatible SQL literals, portable JSON operation counts, sensitive payload redaction, streamed responses, and production-safe trace capture behavior.

Changes Made

• Fixed dashboard SQL portability by replacing double-quoted SQL string literals with single-quoted literals and avoiding PostgreSQL-specific JSON casts.
• Reworked dashboard HTTP/mail operation counts to use Laravel whereJsonLength(...) for portable JSON array checks.
• Improved PayloadMasker to mask sensitive URL query parameters, URL passwords, and common key format variants like access_token, accessToken, and access-token.
• Redacted DB query bindings by default with a new TRACE_REPLAY_TRACK_DB_BINDINGS config option.
• Masked outbound HTTP call URLs and log context before storing trace step metadata.
• Made API token comparison timing-safe with hash_equals().
• Made TraceMiddleware skip request/response payload work when sampling skips a request.
• Safely handles streamed or binary responses without trying to read unavailable response content.
• Added production guidance for low-cost servers in the README.
• Added regression tests for JSON operation counts, masking behavior, DB binding redaction, streamed responses, and sampled-out request performance.

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Related Issues

N/A