fix: security issues and use gitleaks (#163)

* fix(tests): remove unused test constants and helpers

Delete dead test code that caused 41 staticcheck U1000 violations:
- cli/test_constants.go (25 unused constants)
- cli/terminal_test_helpers.go (unused type, method, 7 variables)
- fileproc/test_constants.go (5 unused constants)
- fileproc/processor_test.go (2 unused helper functions)

* fix(security): replace custom secret detection with gitleaks

The hand-rolled check_secrets regex patterns produced false positives
on configKey test values, causing make security-full to fail.

Replace with gitleaks via go run for proper secret detection with
built-in rules and allowlist support for generated report files.

* chore(deps): update dependencies and fix install-tools

Update Go module dependencies to latest versions.
Fix checkmake install path and remove yamllint go install
(yamllint is a Python tool, not installable via go install).

* docs: add design document for gitleaks integration

* feat: update go to 1.25.6
2026-02-01 22:09:24 +02:00
committed by GitHub
parent 7a99534252
commit 994099137a
12 changed files with 100 additions and 233 deletions

8
go.mod

@@ -2,6 +2,8 @@ module github.com/ivuorinen/gibidify
go 1.25
toolchain go1.25.6
require (
github.com/fatih/color v1.18.0
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
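Review bot: The `go 1.25` line is left unchanged here and only `toolchain go1.25.6` is added, which does not match the commit message's "update go to 1.25.6". The `toolchain` directive is a suggested toolchain that takes effect only when toolchain switching is enabled; the `go` line is what sets the minimum version. If the intent is that every build picks up the 1.25.6 patch release, change the directive to `go 1.25.6`. Otherwise reword the commit message to say that only the suggested toolchain was set.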
@@ -14,7 +16,7 @@ require (
require (
github.com/fsnotify/fsnotify v1.9.0 // indirect
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
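Review bot: The bump of `github.com/go-viper/mapstructure/v2` from v2.4.0 to v2.5.0 is an indirect dependency change landing under a "fix: security issues" title, and the message only says "Update Go module dependencies to latest versions". State in the commit message whether this bump addresses a known advisory or is routine maintenance, so that someone auditing the history can tell security-relevant upgrades from housekeeping. Splitting dependency bumps from the gitleaks change would also make a later revert or bisect cleaner.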
@@ -26,7 +28,7 @@ require (
github.com/spf13/pflag v1.0.10 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/sys v0.39.0 // indirect
golang.org/x/term v0.38.0 // indirect
golang.org/x/sys v0.40.0 // indirect
golang.org/x/term v0.39.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
)
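Review bot: This indirect block bumps `golang.org/x/sys` and `golang.org/x/term`, but no gitleaks module appears in the require lines visible in this diff, while the commit message says gitleaks is run "via go run". If the Makefile invokes it as `go run <module>@<version>`, pin an exact version rather than `@latest`, so the secret scanner that gates `make security-full` is reproducible and does not change underneath the build. Also confirm that the matching go.sum entries for the x/sys and x/term bumps are part of this commit.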