fix(exception): log the violated constraint name at WARN (#678)

Addresses Tobias's review concern: the generic DataIntegrityViolation
backstop turned every integrity violation into a silent 400 with no
constraint name, no stack, no Sentry — an unanticipated write bug would
fail invisibly in production.

Now extract the constraint NAME from the cause chain (schema metadata, safe
for Loki) and log it parameterized at WARN, so the failure is debuggable.
Still never pass `ex`/`getMessage()` (SQL + values, CWE-209) and still no
Sentry — the response stays generic, so the response logic is not brittle.

New test proves the WARN names the constraint but never carries the SQL.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

backend/src/test/java/org/raddatz/familienarchiv/exception/GlobalExceptionHandlerTest.java

@@ -72,9 +72,48 @@ class GlobalExceptionHandlerTest {
                 .as("logs a WARN line")
                 .anySatisfy(e -> assertThat(e.getLevel()).isEqualTo(Level.WARN));
         assertThat(appender.list)
-                .as("never logs the constraint name / SQL (would re-leak to Loki)")
+                .as("never logs the SQL statement / values (would re-leak to Loki)")
                 .noneSatisfy(e -> {
-                    assertThat(e.getFormattedMessage()).contains("chk_");
+                    assertThat(e.getFormattedMessage()).contains("could not execute statement");
                 });
     }
+
+    @Test
+    void handleDataIntegrityViolation_logsConstraintName_butNotTheSql() {
+        // Debuggability (DevOps): the WARN must name *which* constraint fired so an
+        // unanticipated violation isn't a silent mystery — but it must carry the name only,
+        // never the SQL statement or the offending values that the SQLException message holds.
+        java.sql.SQLException sql = new java.sql.SQLException(
+                "ERROR: violates check constraint; could not execute statement; values (1917-01-10)");
+        org.hibernate.exception.ConstraintViolationException cve =
+                new org.hibernate.exception.ConstraintViolationException(
+                        "constraint violation", sql, "chk_meta_date_end_after_start");
+        DataIntegrityViolationException ex = new DataIntegrityViolationException("wrapper", cve);
+
+        Logger handlerLogger = (Logger) LoggerFactory.getLogger(GlobalExceptionHandler.class);
+        ListAppender<ILoggingEvent> appender = new ListAppender<>();
+        appender.start();
+        handlerLogger.addAppender(appender);
+
+        try (MockedStatic<Sentry> sentryMock = mockStatic(Sentry.class)) {
+            ResponseEntity<GlobalExceptionHandler.ErrorResponse> response =
+                    handler.handleDataIntegrityViolation(ex);
+
+            // Response stays generic and leak-free (CWE-209) regardless of what we log.
+            assertThat(response.getStatusCode().value()).isEqualTo(400);
+            assertThat(response.getBody().message())
+                    .doesNotContain("chk_")
+                    .doesNotContain("meta_date");
+            sentryMock.verifyNoInteractions();
+        } finally {
+            handlerLogger.detachAppender(appender);
+        }
+
+        assertThat(appender.list)
+                .as("WARN names the constraint for debuggability")
+                .anySatisfy(e -> assertThat(e.getFormattedMessage()).contains("chk_meta_date_end_after_start"));
+        assertThat(appender.list)
+                .as("but never the SQL statement or values")
+                .noneSatisfy(e -> assertThat(e.getFormattedMessage()).contains("could not execute statement"));
+    }
 }