fix(web): disable browser Sentry reporting

[RSO]

Summary

• Remove the repository-default Sentry project configuration so forks and self-hosted deployments do not inherit Kilo's telemetry destination.
• Remove browser Sentry initialization, client capture calls, and CSP reporting while preserving Node and Edge runtime reporting.
• Keep Sentry out of the client dependency graph by moving shared Qwen model IDs to a browser-safe provider module.

Verification

• Inspected the compiled client chunks and confirmed they contain neither Kilo's Sentry DSN/project ID nor the Sentry browser runtime.
• Confirmed the affected authentication, payment, and error UI flows retain their existing fallback behavior.

Visual Changes

N/A

Reviewer Notes

• Server and Edge reporting still use NEXT_PUBLIC_SENTRY_DSN supplied by the official deployment environment; this PR only removes the tracked default and browser reporting paths.
• The production build compiled and typechecked successfully, then stopped during page-data collection because NEXT_PUBLIC_WASTELAND_URL is unavailable in the local environment.

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

Removes browser/client-side Sentry reporting and the repository-default Sentry DSN while preserving server/Edge runtime reporting. Qwen model ID constants were moved to a browser-safe provider module to keep Sentry out of client bundles. All callers of removed functions (getSentrySecurityReportUri, getSecurityPolicyReportingHeaders) were updated, and CSP reporting directives were properly stripped from both the policy builder and proxy middleware.

Files Reviewed (18 files)

• ENVIRONMENT.md — 0 issues
• apps/web/.env — 0 issues
• apps/web/instrumentation-client.ts (deleted) — 0 issues
• apps/web/next.config.mjs — 0 issues
• apps/web/src/app/global-error.tsx — 0 issues
• apps/web/src/app/payments/topup/success/page.tsx — 0 issues
• apps/web/src/components/auth/FakeLoginForm.tsx — 0 issues
• apps/web/src/components/auth/StytchClient.tsx — 0 issues
• apps/web/src/hooks/useSignInFlow.ts — 0 issues
• apps/web/src/lib/ai-gateway/auto-model/index.ts — 0 issues
• apps/web/src/lib/ai-gateway/custom-pricing.ts — 0 issues
• apps/web/src/lib/ai-gateway/models.ts — 0 issues
• apps/web/src/lib/ai-gateway/providers/qwen.ts — 0 issues
• apps/web/src/lib/auth/send-magic-link.ts — 0 issues
• apps/web/src/lib/security-headers.test.ts — 0 issues
• apps/web/src/lib/security-headers.ts — 0 issues
• apps/web/src/proxy.ts — 0 issues
• apps/web/tsconfig.json — 0 issues

Fix these issues in Kilo Cloud

---

_{Reviewed by deepseek-v4-pro-20260423 · 418,539 tokens}

_{Review guidance: REVIEW.md from base branch main}