[Workflows] Add sensitive step output option

[pombosilva]

Adds an optional sensitive field to WorkflowStepConfig and WorkflowStepEvent.

This lets workflow users mark a step's output (or an incoming step event payload) as sensitive so the Workflows runtime can redact it from logs and observability surfaces.

 const token = await step.do('get-api-token',
      { sensitive: 'output', timeout: '30 seconds' },
      async () => {
        return await getToken(event.payload.userId);
      }
);

[ask-bonk]

The files in generated-snapshot/ are generated files. The AGENTS.md for types/ explicitly says: "Do not edit files in generated-snapshot/ directly — they are overwritten by just generate-types." However, for pure defines/ additions like this, the generated snapshots are produced by concatenating the defines files, so the changes are consistent and correct as long as they pass CI's diff check.

The PR is a straightforward, additive type change:

1. New WorkflowStepSensitivity = 'output' type alias
2. Optional sensitive field added to WorkflowStepConfig and WorkflowStepEvent
3. All fields are optional, so this is backward compatible
4. No behavioral changes, no compat flag needed (it's just types)
5. The changes in generated-snapshot/ mirror the defines/rpc.d.ts changes correctly

This is clean and correct. No actionable issues.

LGTM

github run

[codspeed-hq]

Merging this PR will not alter performance

✅ 72 untouched benchmarks
⏩ 129 skipped benchmarks¹

---

_{Comparing osilva/workflows-add-sensitive-step-option (6cb3fd0) with main (f116855)}

Footnotes

1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[jamesopstad]

Is the idea that there might be alternatives to output in future? How will it work if there are multiple options for sensitive?