feat(#285): Add input sanitization for XSS prevention

Security improvements:
- Create sanitization utility using sanitize-html library
- Add @Sanitize() and @SanitizeObject() decorators for DTOs
- Apply sanitization to vulnerable fields:
  - Connection rejection/disconnection reasons
  - Connection metadata
  - Identity linking metadata
  - Command payloads
- Remove script tags, event handlers, javascript: URLs
- Prevent data exfiltration, CSS-based XSS, SVG-based XSS

Changes:
- Add sanitize.util.ts with recursive sanitization functions
- Add sanitize.decorator.ts for class-transformer integration
- Update connection.dto.ts with sanitization decorators
- Update identity-linking.dto.ts with sanitization decorators
- Update command.dto.ts with sanitization decorators
- Add comprehensive test coverage including attack vectors

Part of M7.1 Remediation Sprint P1 security fixes.

Fixes #285

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2144_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/decorators/sanitize.decorator.ts
+**Tool Used:** Write
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:44:16
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2144_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2145_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/decorators/sanitize.decorator.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:45:25
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2145_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2145_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/decorators/sanitize.decorator.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:45:31
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2145_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2146_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/decorators/sanitize.decorator.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:46:21
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-decorators-sanitize.decorator.ts_20260203-2146_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.spec.ts_20260203-2143_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.spec.ts
+**Tool Used:** Write
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:43:46
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.spec.ts_20260203-2143_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2144_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.ts
+**Tool Used:** Write
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:44:05
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2144_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2146_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:46:12
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2146_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2146_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:46:55
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2146_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2147_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:47:02
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2147_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2147_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/common/utils/sanitize.util.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:47:27
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-common-utils-sanitize.util.ts_20260203-2147_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-command.dto.ts_20260203-2144_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/command.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:44:42
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-command.dto.ts_20260203-2144_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-command.dto.ts_20260203-2144_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/command.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:44:50
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-command.dto.ts_20260203-2144_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-connection.dto.ts_20260203-2144_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/connection.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:44:21
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-connection.dto.ts_20260203-2144_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-connection.dto.ts_20260203-2144_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/connection.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:44:26
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-connection.dto.ts_20260203-2144_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-identity-linking.dto.ts_20260203-2144_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/identity-linking.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:44:31
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-identity-linking.dto.ts_20260203-2144_1_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-identity-linking.dto.ts_20260203-2144_2_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/identity-linking.dto.ts
+**Tool Used:** Edit
+**Epic:** general
+**Iteration:** 2
+**Generated:** 2026-02-03 21:44:37
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-identity-linking.dto.ts_20260203-2144_2_remediation_needed.md"
+```

docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-sanitization.integration.spec.ts_20260203-2145_1_remediation_needed.md

@@ -0,0 +1,20 @@
+# QA Remediation Report
+
+**File:** /home/jwoltje/src/mosaic-stack/apps/api/src/federation/dto/sanitization.integration.spec.ts
+**Tool Used:** Write
+**Epic:** general
+**Iteration:** 1
+**Generated:** 2026-02-03 21:45:15
+
+## Status
+
+Pending QA validation
+
+## Next Steps
+
+This report was created by the QA automation hook.
+To process this report, run:
+
+```bash
+claude -p "Use Task tool to launch universal-qa-agent for report: /home/jwoltje/src/mosaic-stack/docs/reports/qa-automation/pending/home-jwoltje-src-mosaic-stack-apps-api-src-federation-dto-sanitization.integration.spec.ts_20260203-2145_1_remediation_needed.md"
+```