fix: logging security #80

@caterryan

Do not log full resolved filesystem paths for config/cert/key failures. Use generic messages like CA certificate file not accessible.

Local path disclosure and file-existence probing
All four plugins accept user-controlled config_file_path and optional cert/key paths. They resolve relative paths against PLUGIN_DIR, check/open files, then log str(e) on failure. That can reveal absolute paths, PLUGIN_DIR, and whether paths exist/readable.

Examples:

  • MQTT config/cert paths: mqtt_subscriber/mqtt_subscriber.py:262, mqtt_subscriber/mqtt_subscriber.py:794, logged at mqtt_subscriber/mqtt_subscriber.py:1937
  • Kafka config/cert paths: kafka_subscriber/kafka_subscriber.py:281, kafka_subscriber/kafka_subscriber.py:866, logged at kafka_subscriber/kafka_subscriber.py:1966
  • AMQP config/cert paths: amqp_subscriber/amqp_subscriber.py:268, amqp_subscriber/amqp_subscriber.py:741, logged at amqp_subscriber/amqp_subscriber.py:1838
  • OPC UA config/cert paths: opcua/opcua.py:315, opcua/opcua.py:959, logged at opcua/opcua.py:1875

Downsampler — has issues

  • Line 1143: Downsampling task started at {call_time} with args: {args} — logs the full args dict at the start of every run.
  • Line 1165: New args content: {args} — after args = tomllib.load(open(config_file_path)), logs the TOML file's parsed contents.
  • Line 1167: generic Failed to read config file (no str(e)) — content leak via parser exception is closed.

Basic Transformation — has issues (same shape as downsampler)

  • Line 1373: Starting scheduled call with args: {args} and call_time: {call_time} — full args.
  • Line 1391: New args content: {args} — full TOML content.
  • Line 1393: generic Failed to read config file — exception text not echoed.
  • Lines 1430-1431, 1439, 1444: log specific config sections (transformations, filters, query window). All derived from args; no extra fields beyond what 1373 already logged.

NWS Weather — minor self-leak only

  • Line 90: NWS Plugin started at {call_time} with args {args} — logs full args.
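
An added example, not code from the issue or from the plugins: one way to apply the generic-message approach the issue asks for, with the same log line whether the file is missing, is a directory, or has an invalid name. `PLUGIN_DIR` here is a stand-in (the system temp directory), and `read_file`, `describe_args` and `captured_messages` are hypothetical helper names; logging only key names for args is an assumed mitigation, not one stated in the issue.

```python
import logging
import os
import tempfile

log = logging.getLogger("plugin_example")

# Assumption: stand-in for the plugins' real PLUGIN_DIR.
PLUGIN_DIR = tempfile.gettempdir()


def read_file(user_path, label):
    """Return the file's bytes, or None after logging a generic message."""
    path = user_path if os.path.isabs(user_path) else os.path.join(PLUGIN_DIR, user_path)
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except (OSError, ValueError):
        # No str(e) and no path: missing file, directory, permission error
        # and embedded NUL byte all produce the identical log line, so the
        # log cannot be used to learn PLUGIN_DIR or probe for file existence.
        log.error("%s not accessible", label)
        return None


def describe_args(args):
    """Log-safe summary of an args dict: key names only, never values."""
    return "keys=" + ",".join(sorted(args))


def captured_messages(fn, *a):
    """Run fn(*a) and return the log messages it emitted, to check for leaks."""
    records = []
    handler = logging.Handler()
    handler.emit = lambda r: records.append(r.getMessage())
    log.addHandler(handler)
    try:
        fn(*a)
    finally:
        log.removeHandler(handler)
    return records


if __name__ == "__main__":
    # Constructed inputs: a missing file, an existing directory, a NUL byte.
    for candidate in ("constructed-missing-ca.pem", ".", "bad\x00name"):
        print(captured_messages(read_file, candidate, "CA certificate file"))
    print(describe_args({"config_file_path": "/constructed/x.toml", "token": "s3cret"}))
```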
