chore 📦: Update Gitleaks configuration and README

Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.

.gitea/workflows/pr-check.yaml

@@ -26,6 +26,7 @@ jobs:
       - name: Run Gitleaks
         run: |
           gitleaks dir . \
+            --config-path .gitleaks.toml \
             --redact=10 \
             --verbose \
             --exit-code 1

.gitleaks.toml

@@ -0,0 +1,30 @@
+title = "Gitleaks Config"
+
+# ==========================
+# Allowlist / False Positive Rules
+# ==========================
+# [[allowlist]]
+# description = "Ignore placeholder secrets in README.md"
+# filepath = "README.md"
+# # Add all placeholder-like patterns that trigger false positives
+# regex = "cafebabe|deadbeef|DB_PASSWORD"
+
+[[allowlist]]
+description = "Ignore badge URLs in README"
+filepath = "README.md"
+regex = "https://img.shields.io"
+
+# ==========================
+# Rules
+# ==========================
+[[rules]]
+id = "generic-api-key"
+description = "Generic API Key"
+regex = "(?i)(api[_-]?key|secret|token)=\\S+"
+entropy = 3.5
+
+[[rules]]
+id = "sidekiq-secret"
+description = "Sidekiq Secret"
+regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
+entropy = 2.5

README.md

@@ -26,7 +26,7 @@
 | Swap handling            |  ✅   |  ✅   |  ✅   |
 | Logrotate protection     |  ✅   |  ✅   |  ✅   |
 | Powertop auto-tune       |  ✅   |  ✅   |  ✅   |
-| API utilities            |  ✅   |  ✅   |  ✅   |
+| Utilities                |  ✅   |  ✅   |  ✅   |
 
 ## 📂 Directory Structure