
Conversation

@MohamedSabthar
Member

Purpose

Related issue: ballerina-platform/ballerina-library#7283

Check List

@sonarqubecloud

sonarqubecloud bot commented Nov 8, 2024

@azinneera
Contributor

Closing since this is not being worked on atm. Will reopen when necessary.

@sonarqubecloud

@keizer619 requested a review from Copilot on June 4, 2025 05:53

Copilot AI left a comment


Pull Request Overview

This PR adds two new static analysis rules for detecting hard-coded secrets and non-configurable secrets, addressing ballerina-platform/ballerina-library#7283.

  • Introduces new rules via the CoreRule enum and integrates them into the secret checking logic through SecretChecker.
  • Updates various tests and resource paths to reflect the new rules and refactors the test resource usage.

Reviewed Changes

Copilot reviewed 47 out of 47 changed files in this pull request and generated no comments.

Summary per file (file: description)

  • scan-command/src/test/resources/command-outputs/unix/list-rules-output.txt: Updated expected rule listings including new secret rules.
  • scan-command/src/test/java/io/ballerina/scan/utils/ScanUtilsTest.java: Refactored resource path usage to use TEST_RESOURCES.
  • scan-command/src/test/java/io/ballerina/scan/internal/StaticCodeAnalyzerTest.java: Updated to use new utility methods for module loading.
  • scan-command/src/test/java/io/ballerina/scan/internal/ScanCmdTest.java: Updated several tests to use TEST_RESOURCES consistently.
  • scan-command/src/test/java/io/ballerina/scan/internal/Rule004Test.java: Added tests for non-configurable secret detection.
  • scan-command/src/test/java/io/ballerina/scan/internal/Rule003Test.java: Added tests for hard-coded secret detection.
  • scan-command/src/test/java/io/ballerina/scan/internal/CoreRuleTest.java: Updated tests to include verification for the new secret rules.
  • scan-command/src/test/java/io/ballerina/scan/BaseTest.java: Changed resource reference for consistency.
  • scan-command/src/main/java/io/ballerina/scan/internal/StaticCodeAnalyzer.java: Integrated SecretChecker into the analysis phase.
  • scan-command/src/main/java/io/ballerina/scan/internal/SensitiveParameterTracker.java: Updated user data retrieval and refactored constant resource references.
  • scan-command/src/main/java/io/ballerina/scan/internal/SecretChecker.java: Added secret-checking logic using new rules and patterns.
  • scan-command/src/main/java/io/ballerina/scan/internal/ScannerContextImpl.java: Extended context to include user data for secret analysis.
  • scan-command/src/main/java/io/ballerina/scan/internal/ProjectAnalyzer.java: Split scanning and analyzing phases to use collected user data.
  • scan-command/src/main/java/io/ballerina/scan/internal/FunctionWithSensitiveParams.java: Introduced a record for tracking sensitive parameter positions.
  • scan-command/src/main/java/io/ballerina/scan/internal/CoreRule.java: Added the hard-coded secret and non-configurable secret rules.
  • scan-command/src/main/java/io/ballerina/scan/ScannerContext.java: Updated interface to expose user data for secret processing.
  • scan-command/build.gradle & gradle.properties: Minor updates for logging and version bump.
Comments suppressed due to low confidence (1)

scan-command/src/test/java/io/ballerina/scan/internal/CoreRuleTest.java:57

  • [nitpick] The method name 'testHadCodedSecretRule' appears to have a typo; consider renaming it to 'testHardCodedSecretRule' for clarity.
void testHadCodedSecretRule() {
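To make the two rule names concrete, here is an added example that is not part of this PR and not the ballerina scan tool's own SecretChecker. It is a small Java checker with assumed semantics: a variable declaration whose name looks credential-like is flagged as a hard-coded secret when it is initialised from a non-empty string literal, and as a non-configurable secret when it is not declared `configurable`. The class name SecretRuleDemo, the rule labels, the name heuristic and the sample Ballerina source are all constructed for this illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical demo checker; not the scan tool's SecretChecker. Requires Java 16+ for records. */
public final class SecretRuleDemo {

    // Constructed heuristic: identifiers that suggest a credential.
    private static final Pattern SECRET_NAME =
        Pattern.compile("(?i)(password|passwd|secret|token|api[_-]?key|private[_-]?key)");

    // Matches a single-line Ballerina module-level declaration such as
    //   string apiKey = "value";
    //   configurable string apiKey = ?;
    // Only string literals and the `?` (required configurable) initialiser are recognised.
    private static final Pattern DECLARATION = Pattern.compile(
        "^\\s*(?<conf>configurable\\s+)?(?<type>[A-Za-z_][A-Za-z0-9_:]*)\\s+"
        + "(?<name>[A-Za-z_][A-Za-z0-9_]*)\\s*=\\s*(?<value>\"[^\"]*\"|\\?)\\s*;");

    /** One finding: 1-based source line, constructed rule label, offending variable name. */
    public record Finding(int line, String rule, String variable) {}

    /** Scans Ballerina source text line by line and returns all findings in source order. */
    public static List<Finding> check(String source) {
        List<Finding> findings = new ArrayList<>();
        String[] lines = source.split("\n");
        for (int i = 0; i < lines.length; i++) {
            Matcher m = DECLARATION.matcher(lines[i]);
            if (!m.matches()) {
                continue;                         // not a declaration we understand
            }
            String name = m.group("name");
            if (!SECRET_NAME.matcher(name).find()) {
                continue;                         // variable name does not look like a credential
            }
            boolean configurable = m.group("conf") != null;
            String value = m.group("value");
            // A non-empty string literal ("..." with at least one character) is a hard-coded value;
            // an empty "" default and the `?` initialiser are not.
            boolean hardCoded = value.startsWith("\"") && value.length() > 2;
            if (hardCoded) {
                findings.add(new Finding(i + 1, "HARD_CODED_SECRET", name));
            }
            if (!configurable) {
                findings.add(new Finding(i + 1, "NON_CONFIGURABLE_SECRET", name));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample source covering each case.
        String sample = String.join("\n",
            "import ballerina/http;",
            "string apiKey = \"sk-live-EXAMPLE\";",          // hard-coded and non-configurable
            "configurable string dbPassword = \"changeme\";", // configurable, but hard-coded default
            "configurable string token = ?;",                 // clean: value must come from config
            "string appName = \"demo\";");                    // literal, but not a secret-like name
        for (Finding f : check(sample)) {
            System.out.printf("line %d: %s (%s)%n", f.line(), f.rule(), f.variable());
        }
    }
}
```

Running `main` reports line 2 twice (both rules), line 3 once (hard-coded default on a configurable), and nothing for lines 4 and 5. A real analyser would work on the parsed syntax tree rather than regexes over lines, so it can follow literals through constants and function arguments; the line-based form here only shows how the two rule conditions differ.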
