Feature (secrets) : Added Alibaba cloud keys detector and validator

[saurabhb-dev]

Description:

This PR introduces a new secret detector and validtor for Alibaba cloud keys

Fixes: #1024

Key Features

• Proximity-Based Detection: Utilizes the veles.pair library to anchor on the LTAI prefix (Access Key ID) and perform a proximity search for the 30-character Secret Key. This minimizes false positives compared to generic string matching.
• Cryptographic Validation: Implemented an RPC-style signature generator. It constructs a canonicalized query string and signs it via HMAC-SHA256 (v1.0 signature) to authenticate against the STS:GetCallerIdentity endpoint.
• Identity Enrichment: The validator differentiates between Root and RAM User accounts. Findings are enriched with:
  • is_ram_user: Boolean flag for account scoping.
  • principal_name: The specific name of the user or "root".
• Protobuf Integration: Updated finding structures in secret.proto and successfully regenerated Go types via make protos.

Verification Results

1. Unit & Lint Testing

• Unit Tests: go test -v ./veles/secrets/alibabaaccesskey/... passed (100% coverage for true/false positives and signature logic).
• Linter: make lint returns 0 issues, adhering to all revive and perfsprint performance constraints.

2. Local E2E Scan Proof
   Verified using a local scalibr build. Example output from scan-result.textproto:

inventory: {
  secrets: {
    secret: {
      alibaba_access_key: {
        access_id: "LTAI5tSjhGTb9CTFkkMQPgj3"
        secret: "FIlOYtkhSlRInGAhrQr6idGMjvt1YK"
        is_ram_user: true
        principal_name: "power-application-user-2"
      }
    }
    status: {
      status: VALID
    }
    location: {
      file: { path: "test.txt" }
    }
  }
}

Checklist

• Code follows the OSV-SCALIBR style guide.
• New finding types added to protobufs.
• make protos executed.
• Linter and Unit tests passed locally.