Fix error message disclosure in API endpoints

Replace exception getMessage() exposure with generic error messages
to prevent internal information disclosure. Errors are now logged
with full details while clients receive sanitized responses.

Affected endpoints:
- add_comment, update_comment, delete_comment
- update_ticket, export_tickets
- generate_api_key, revoke_api_key
- manage_templates, manage_workflows, manage_recurring
- custom_fields, get_users

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

api/update_ticket.php

@@ -315,13 +315,16 @@ try {
 } catch (Exception $e) {
     // Discard any output that might have been generated
     ob_end_clean();
-    
+
+    // Log error details but don't expose to client
+    error_log("Update ticket API error: " . $e->getMessage());
+
     // Return error response
     header('Content-Type: application/json');
     http_response_code(500);
     echo json_encode([
         'success' => false,
-        'error' => $e->getMessage()
+        'error' => 'An internal error occurred'
     ]);
 }
 ?>