test(security): add E2E tests for command injection and credential sanitization

Adds two new Brev E2E test suites targeting the vulnerabilities fixed by
PR NVIDIA#119 (Telegram bridge command injection) and PR NVIDIA#156 (credential
exposure in migration snapshots + blueprint digest bypass).

Test suites:
- test-telegram-injection.sh: 8 tests covering command substitution,
  backtick injection, quote-breakout, parameter expansion, process
  table leaks, and SANDBOX_NAME validation
- test-credential-sanitization.sh: 13 tests covering auth-profiles.json
  deletion, credential field stripping, non-credential preservation,
  symlink safety, blueprint digest verification, and pattern-based
  field detection

These tests are expected to FAIL on main (unfixed code) and PASS
once PR NVIDIA#119 and NVIDIA#156 are merged.

Refs: NVIDIA#118, NVIDIA#119, NVIDIA#156, NVIDIA#813

Author: jyaunches

.github/workflows/e2e-brev.yaml

@@ -22,6 +22,7 @@ on:
         options:
           - full
           - credential-sanitization
+          - telegram-injection
           - all
       keep_alive:
         description: "Keep Brev instance alive after tests (for SSH debugging)"

test/e2e/brev-e2e.test.js

@@ -175,4 +175,14 @@ describe.runIf(hasRequiredVars)("Brev E2E", () => {
     },
     600_000,
   );
+
+  it.runIf(TEST_SUITE === "telegram-injection" || TEST_SUITE === "all")(
+    "telegram bridge injection suite passes on remote VM",
+    () => {
+      const output = runRemoteTest("test/e2e/test-telegram-injection.sh");
+      expect(output).toContain("PASS");
+      expect(output).not.toMatch(/FAIL:/);
+    },
+    600_000,
+  );
 });