fix(security): redact sensitive session IDs in marathonctl output

Addresses CodeQL cleartext-logging alerts (#1, #2, #3) by implementing
session ID redaction for CLI output.

Changes:
- Extract marathonctl into standalone crate (crates/marathonctl)
- Add session ID redaction showing only first 8 characters by default
- Add --show-sensitive/-s flag for full session IDs when debugging
- Implement beautiful ratatui-based UI module with inline viewport
- Add .envrc to .gitignore for secure token management
- Document GitHub token setup in CONTRIBUTING.md

The CLI now provides a secure-by-default experience while maintaining
debugging capabilities through explicit opt-in flags. Session IDs are
redacted to format "abc-def-..." unless --show-sensitive is specified.

UI module provides easy-to-use builder APIs (ui::table, ui::grid, ui::list)
that render beautiful terminal output without hijacking the terminal.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace]
-members = ["crates/libmarathon", "crates/macros", "crates/app", "crates/xtask"]
+members = ["crates/libmarathon", "crates/macros", "crates/app", "crates/xtask", "crates/marathonctl"]
 resolver = "2"
 
 [workspace.package]