Exclude test files from secret scanning (#31)

Test files contain intentional fake secrets for testing secret detection.
This prevents false positive alerts for MongoDB connection strings and
other test fixtures in src/secrets/detect.test.ts.

diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
new file mode 100644 (file)
index 0000000..7b4622c
--- /dev/null
+++ b/.github/secret_scanning.yml
@@ -0,0 +1,4 @@
+# Exclude test files from secret scanning
+# Test files contain intentional fake secrets for testing secret detection
+paths-ignore:
+  - "src/**/*.test.ts"