
fix(query): fix fp in password and secrets Generic Token#7555

Merged
cx-andre-pereira merged 8 commits into Checkmarx:master from cx-andre-pereira:AST-81967--FP_Passwords_and_Secrets_Generic_Token on Jul 30, 2025

Conversation

@cx-andre-pereira cx-andre-pereira (Contributor) commented Jul 16, 2025

Reason for Proposed Changes

  • Currently the implementation to prevent flagging of GitHub id-token(s) such as 'id-token: write' is not detecting relevant instances reliably.
  • The regex used at the moment ((?i)['\"]?id-token\\s*[:=]\\s*(write|read|none)\\s*$) is faulty and inconsistent relative to the rest of the regex rules in passwords_and_secrets's regex_rules.
  • This regex stands out for its requirement to scan a full line to detect the id-token ($ => "end of string"); this way something like a trailing comment will have to be explicitly captured by the regex, or text like permissions: {id-token: write, contents: ...} will also require the capture of unnecessary text.

Proposed Changes

  • To better standardize regex logic I propose the implementation of an updated regex:
    • (?i)['\"]?id-token['\"]?\\s*[:=]\\s*(write|read|none)
  • Aside from the obvious removal of the undesirable \\s*$, I added an extra check ['\"]? after the "id-token" keyword to better align the regex composition logic with most other regex rules.
  • With this implementation, detection of the "id-token" is much more reliable and independent of trailing comments or any data structure it might find itself within.
  • Finally, the 2 new tests positive53 and negative53 verify, respectively, that the id-token is detected when there is a trailing comment and that it is flagged with an invalid command.

NOTE: the regexes are written with double backslashes to represent the exact characters used in the passwords_and_secrets's regex_rules file strings, for they are literal strings, not raw.

original PR

I submit this contribution under the Apache-2.0 license.
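To make the behavioural difference concrete, here is an added illustration (not code from this PR or from the KICS project) that compiles the old and the new allow-pattern with Go's standard regexp package, which is assumed here to be the engine that evaluates the rule file's patterns, and runs both over a few constructed lines, including the trailing-comment and inline-map cases the description mentions and a value outside write|read|none:

```go
package main

import (
	"fmt"
	"regexp"
)

// The two allow-patterns as the regexp engine sees them once the JSON
// string escaping (the doubled backslashes in the rule file) is decoded.
var (
	oldIDTokenAllow = regexp.MustCompile(`(?i)['"]?id-token\s*[:=]\s*(write|read|none)\s*$`)
	newIDTokenAllow = regexp.MustCompile(`(?i)['"]?id-token['"]?\s*[:=]\s*(write|read|none)`)
)

// Allowed reports whether the given allow-pattern matches the line, i.e.
// whether the line would be recognised as a legitimate GitHub Actions
// id-token permission instead of being left to the generic token rule.
func Allowed(pattern *regexp.Regexp, line string) bool {
	return pattern.MatchString(line)
}

// Constructed sample lines (hypothetical, not taken from the project's tests).
var sampleLines = []string{
	"id-token: write",                                  // plain key/value: both match
	"  id-token: write  # needed for OIDC federation", // trailing comment: old fails on \s*$
	"permissions: {id-token: write, contents: read}",   // inline map: old fails on \s*$
	"'id-token': read",                                 // quoted key: old has no ['"]? after the key
	"id-token: delete",                                 // value outside write|read|none: neither matches
}

func main() {
	for _, line := range sampleLines {
		fmt.Printf("%-50q old=%-5t new=%t\n", line,
			Allowed(oldIDTokenAllow, line), Allowed(newIDTokenAllow, line))
	}
}
```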

@cx-andre-pereira cx-andre-pereira requested a review from a team as a code owner July 16, 2025 10:52
@github-actions github-actions bot added labels community (Community contribution) and query (New query feature) Jul 16, 2025
Review comment thread on assets/queries/common/passwords_and_secrets/test/negative53.yml

@cx-eduardo-semanas cx-eduardo-semanas (Contributor) left a comment

LGTM

@cx-andre-pereira cx-andre-pereira merged commit e71bc89 into Checkmarx:master Jul 30, 2025
31 of 32 checks passed