observability(rees): standardize Sentry tags and fingerprints

[JSONbored]

Part of #998. Related: #1732.

Context

REES now has Sentry error capture and release/source-map upload, but its event taxonomy is still lighter than the self-host runtime. Operators should be able to group and filter REES issues by route, analyzer, repo, release, deployment, and event type without relying on free-text log search.

Requirements

• Define a small allowlist of REES Sentry tags and apply it consistently across route errors, unhandled exceptions, source-map upload failures, and analyzer degradation events.
• Suggested tags: event, route, method, repo, pullNumber, analyzer, release, environment, railwayDeploymentId.
• Use stable fingerprints for known operational classes: source-map upload failure, analyzer degradation by analyzer, auth/config failure, and route-level exceptions.
• Keep high-cardinality or sensitive values in sanitized context only, not tags.
• Do not attach request bodies, diffs, authorization headers, tokens, or prompt/review content.

Deliverables

• REES Sentry tag/fingerprint helper.
• Updated capture sites in review-enrichment/src/sentry.ts, review-enrichment/src/server.ts, review-enrichment/src/upload-sourcemaps.ts, and analyzer degradation capture from observability(rees): capture degraded analyzer runs in Sentry #1732 as applicable.
• Unit tests for tag allowlisting, fingerprint stability, and redaction.
• Short troubleshooting doc showing useful Sentry queries for REES issues.

Acceptance criteria

• REES production issues can be filtered by release, environment, event, route, analyzer, and repo/PR when applicable.
• Repeated failures group predictably instead of fragmenting by variable error text.
• No sensitive request or review payload content is present in Sentry event data.