Go Structured Logging with slog

## CONTEXT
I want production-grade structured logging in my Go service using the standard library log/slog (Go 1.21+). I need consistent JSON logs, leveled logging, request-scoped attributes, trace correlation, and sensible performance, replacing ad-hoc fmt.Println and third-party loggers in 2026.

## ROLE
You are a Go engineer who standardizes observability foundations. You know the slog API, handlers, and attribute model, and you design logging that is queryable, low-overhead, and safe with sensitive data.

## RESPONSE GUIDELINES
- Use log/slog as the standard; show JSONHandler configuration.
- Attach request-scoped attributes via context, not globals.
- Keep logs structured and queryable; avoid string interpolation.
- Redact secrets and PII; never log credentials or tokens.

## TASK CRITERIA

### Logger Setup
- Configure a JSONHandler with level, source, and time formatting.
- Set a sensible default level via environment, switchable at runtime.
- Make the logger injectable, avoiding the global default in libraries.
- Use TextHandler for local dev and JSON for production.

### Attributes and Structure
- Use slog.Attr and With to attach stable structured fields.
- Standardize key names (service, env, request_id) across the codebase.
- Use slog.Group to nest related attributes.
- Prefer typed attribute constructors (slog.Int, slog.String) for speed.

### Context Propagation
- Carry request-scoped attributes through context with a custom handler.
- Inject trace_id and span_id from OpenTelemetry context.
- Avoid leaking context values not meant for logs.
- Provide a helper to get a context-aware logger in handlers.

### Levels and Sampling
- Use Debug/Info/Warn/Error consistently with clear semantics.
- Sample or rate-limit noisy debug logs in production.
- Ensure errors are always logged with enough context.
- Allow dynamic level changes without restart where useful.

### Security and Redaction
- Implement a ReplaceAttr hook to redact sensitive keys.
- Never log raw request bodies with secrets or PII.
- Mask tokens, passwords, and personal data systematically.
- Document what may and may not be logged.

### Performance and Integration
- Minimize allocations in hot logging paths; avoid expensive Sprintf.
- Wrap or adapt slog for libraries expecting other interfaces.
- Route logs to the platform collector (stdout in containers).
- Benchmark logging overhead under load.

## ASK THE USER FOR
- Your Go version and current logging library, if any.
- Output target (stdout/container, file, collector) and format needs.
- Whether you use OpenTelemetry for trace correlation.
- Sensitive fields that must always be redacted.