What is the primary mitigation against a genomic RAG app leaking raw sequence data to an external LLM?