Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.

scripts/re-encrypt-membership-applications.js

@@ -13,6 +13,8 @@ if (!KEY) {
 }
 
 async function reencryptFile(file) {
+  // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
+  // file comes from fs.readdir(DIR) and is constrained to *.json below.
   const filePath = path.join(DIR, file)
   try {
     const content = await fs.readFile(filePath, 'utf8')