Add gitleaks pre-commit hook for secret detection

[devin-ai-integration]

Summary

Adds gitleaks as a pre-commit hook to automatically detect secrets before they are committed. This PR introduces three changes:

• .pre-commit-config.yaml — Configures the gitleaks hook (pinned to v8.30.1).
• .gitleaks.toml — Custom gitleaks config with an allowlist that excludes *.lock and package-lock.json files from scanning.
• README.md — Appends a "Pre-commit Hooks" section with setup instructions.

Review & Testing Checklist for Human

• Verify gitleaks v8.30.1 is acceptable (latest stable at time of PR creation).
• Confirm the .gitleaks.toml allowlist paths are appropriate for this repo — no project-specific secrets paths or test fixtures that should also be excluded.
• Run pre-commit install && pre-commit run --all-files locally to validate gitleaks runs cleanly against the existing codebase (CI does not verify this).

Notes

• No application code was modified; this is purely developer tooling configuration.
• Developers will need to run pip install pre-commit && pre-commit install once to activate the hook locally.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/cb042592bbee4434846b387a669ba5cb

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring