feat(creds): surface plaintext/b64 secret on reuse findings

The CredentialReuse table only stores the sha256+kind hash of the
secret; the printable + b64 forms live on the underlying Credential
rows. The dashboard drawer was therefore showing only the hash, which
defeats most of the value of having a reuse view in the first place.

Repo helpers list_credential_reuses + get_credential_reuse_by_id now
issue one batched SELECT against credentials keyed on the sha256s in
the result page and graft secret_printable + secret_b64 onto each row
before returning. The drawer renders the same printable/b64 code-block
the credentials inspector uses.
2026-04-26 04:34:19 -04:00
parent a455248dd9
commit 50870f2e7a
3 changed files with 77 additions and 0 deletions

@@ -19,6 +19,8 @@ export interface CredentialReuseRow {
first_seen: string;
last_seen: string;
updated_at: string;
secret_printable: string | null;
secret_b64: string | null;
}
interface Props {
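Review bot: The new `secret_printable` and `secret_b64` fields on `CredentialReuseRow` put the raw secret on every row of this type, and the commit message says `list_credential_reuses` grafts them as well as `get_credential_reuse_by_id`, while the only reader visible in this diff is the drawer. Consider populating them only on the by-id fetch that opens the drawer, so a list page does not ship one plaintext secret per row to the browser. A doc comment on the two fields stating that they hold the unhashed secret, and under what condition they are `null`, would also help anyone who later logs or serialises this row type.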
@@ -136,6 +138,16 @@ const CredentialReuseInspector: React.FC<Props> = ({ row, onClose }) => {
)}
</div>
<div>
<div className="type-label">{isPlain ? 'PLAINTEXT SECRET' : 'OBSERVED RESPONSE'}</div>
<pre className="code-block">
<span className="ck">printable:</span>{' '}
<span className="cs">{row.secret_printable ?? '—'}</span>{'\n'}
<span className="ck">b64:</span>{' '}
<span className="cs">{row.secret_b64 ?? '—'}</span>
</pre>
</div>
<div>
<div className="type-label">SECRET SHA-256</div>
<div className="hash-row">
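Review bot: In the new `<pre className="code-block">`, the `??` fallback on `row.secret_printable` and `row.secret_b64` only covers `null`/`undefined`, so an empty-string secret renders as a blank line, and the dash placeholder is styled with the same `cs` class as a real value. Since the interface allows both fields to be `null`, consider rendering a visibly distinct "not available" state (or omitting the block when both are missing) and showing an empty secret explicitly, so an analyst can tell "no credential row matched" apart from "the secret was empty". The heading also switches on `isPlain` while the body is identical in both branches; a short comment explaining why the same two fields serve as the "OBSERVED RESPONSE" would make that intent clear.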