feat(trigger): add plugin trigger workflow support and refactor trigger system

- Add new workflow plugin trigger service for managing plugin-based triggers
- Implement trigger provider encryption utilities for secure credential storage
- Add custom trigger errors module for better error handling
- Refactor trigger provider and manager classes for improved plugin integration
- Update API endpoints to support plugin trigger workflows
- Add database migration for plugin trigger workflow support

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

api/core/trigger/utils/encryption.py

@@ -1,5 +1,7 @@
+from collections.abc import Mapping
 from typing import Union
 
+from core.entities.provider_entities import BasicProviderConfig, ProviderConfig
 from core.helper.provider_cache import TriggerProviderCredentialsCache, TriggerProviderOAuthClientParamsCache
 from core.helper.provider_encryption import ProviderConfigCache, ProviderConfigEncrypter, create_provider_encrypter
 from core.plugin.entities.plugin_daemon import CredentialType
@@ -55,3 +57,24 @@ def create_trigger_provider_oauth_encrypter(
         cache=cache,
     )
     return encrypter, cache
+
+
+def masked_credentials(
+    schemas: list[ProviderConfig],
+    credentials: Mapping[str, str],
+) -> Mapping[str, str]:
+    masked_credentials = {}
+    configs = {x.name: x.to_basic_provider_config() for x in schemas}
+    for key, value in credentials.items():
+        config = configs.get(key)
+        if not config:
+            masked_credentials[key] = value
+            continue
+        if config.type == BasicProviderConfig.Type.SECRET_INPUT:
+            if len(value) <= 4:
+                masked_credentials[key] = "*" * len(value)
+            else:
+                masked_credentials[key] = value[:2] + "*" * (len(value) - 4) + value[-2:]
+        else:
+            masked_credentials[key] = value
+    return masked_credentials