The hand-rolled check_secrets regex patterns produced false positives
on configKey test values, causing make security-full to fail.
Replace with gitleaks via go run for proper secret detection with
built-in rules and allowlist support for generated report files.
