For comparison, the Weak Passwords UI already does this. We should hide trashed records from Dark Web Monitoring breach lists for consistency.

As a workaround, I can manually empty the trash as I work through breach results. But that's a much slower workflow than emptying the trash exactly once, after I am satisfied that the breaches are resolved.