fix(security): sanitize player data before logging to prevent log forging

- Replace Serilog @-destructuring with explicit newline stripping on the
player's string representation to address CodeQL alert #384 (CWE-117).

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: nanotaboada

src/Dotnet.Samples.AspNetCore.WebApi/Controllers/PlayerController.cs

@@ -189,11 +189,16 @@ [FromBody] PlayerRequestModel player
             return TypedResults.NotFound();
         }
         await playerService.UpdateAsync(player);
-        // codeql[cs/log-forging] Serilog structured logging with @ destructuring automatically escapes control characters
+        // Sanitize user-provided player data before logging to prevent log forging
+        var sanitizedPlayerString = player?
+            .ToString()?
+            .Replace(Environment.NewLine, string.Empty)
+            .Replace("\r", string.Empty)
+            .Replace("\n", string.Empty);
         logger.LogInformation(
-            "PUT /players/squadNumber/{SquadNumber} updated: {@Player}",
+            "PUT /players/squadNumber/{SquadNumber} updated: {Player}",
             squadNumber,
-            player
+            sanitizedPlayerString
         );
         return TypedResults.NoContent();
     }