fix(drivers): implement ResourceDriver.SensitiveKeys stub

[intel352]

Summary

Adds the SensitiveKeys() []string method (returning nil) to all 13 ResourceDriver implementations in this plugin.

Why

The SensitiveKeys() method was added to interfaces.ResourceDriver in GoCodeAlone/workflow on 2026-04-08 (commit 4853126). This plugin's drivers never adopted the new method, leaving an interface-implementation gap that the pinned workflow v0.3.56 masked. The gap is now surfaced by workflow PR #534's new cross-plugin-build CI gate, which compiles each plugin against current workflow main.

What

13 driver types affected (one stub each):

• ACMDriver, ALBDriver, APIGatewayDriver, ECRDriver, ECSDriver, EKSDriver, ElastiCacheDriver, IAMDriver, RDSDriver, Route53Driver, S3Driver, SecurityGroupDriver, VPCDriver

Each gains:

// SensitiveKeys returns output keys whose values should be masked in logs and plan output.
func (d *XDriver) SensitiveKeys() []string { return nil }

nil is the standard "no sensitive outputs" stub. Per-driver review of which output keys (if any) actually warrant masking is a follow-up activity outside this PR's scope.

Test plan

• go build ./... clean against pinned workflow v0.3.56
• go test ./... passes (drivers + provider packages green)
• Verified against workflow v0.20.5 locally: all 13 ResourceDriver interface satisfaction errors disappear (a separate IaCProvider.BootstrapStateBackend gap remains, out of scope for this PR)

Follow-ups

• IaCProvider.BootstrapStateBackend missing on *AWSProvider — separate interface-gap PR needed.
• Per-driver audit of whether any current Outputs keys merit a non-nil SensitiveKeys return.

[Copilot]

Pull request overview

This PR updates the AWS plugin’s resource drivers to satisfy the newer interfaces.ResourceDriver contract by adding a SensitiveKeys() []string stub to each resource-driver implementation. It keeps the plugin compatible with the workflow interface change without changing existing resource output shapes.

Changes:

• Add SensitiveKeys() []string { return nil } to all 13 AWS ResourceDriver implementations.
• Document each new method as the log/plan masking hook for resource outputs.
• Preserve the existing per-driver interface satisfaction checks with the new method now implemented.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
drivers/acm.go	Adds SensitiveKeys stub for ACM certificate resources.
drivers/alb.go	Adds SensitiveKeys stub for load balancer resources.
drivers/apigateway.go	Adds SensitiveKeys stub for API Gateway resources.
drivers/ecr.go	Adds SensitiveKeys stub for container registry resources.
drivers/ecs.go	Adds SensitiveKeys stub for ECS service resources.
drivers/eks.go	Adds SensitiveKeys stub for EKS cluster resources.
drivers/elasticache.go	Adds SensitiveKeys stub for cache resources.
drivers/iam.go	Adds SensitiveKeys stub for IAM role resources.
drivers/rds.go	Adds SensitiveKeys stub for RDS database resources.
drivers/route53.go	Adds SensitiveKeys stub for DNS resources.
drivers/s3.go	Adds SensitiveKeys stub for S3 storage resources.
drivers/sg.go	Adds SensitiveKeys stub for security group resources.
drivers/vpc.go	Adds SensitiveKeys stub for VPC resources.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.