feat(secret): Add built-in secrets rules for Private Packagist

[nicwortel]

Description

Private Packagist is a package repository for Composer, the dependency manager for PHP. It allows businesses to publish private packages for consumption within their organization, mirror open-source packages, receive vulnerability alerts, etc.

Private Packagist generates user and organization tokens for authentication.

All tokens are generated with a prefix and a checksum to help with automated secret scanning.
See https://packagist.com/docs/composer-authentication#token-format.

This pull requests adds built-in rules for the tokens generated by Private Packagist so Trivy can detect them.

Related issues

None.

If you think your change is trivial enough, you can skip the issue and instead add justification and explanation in the PR description.

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[nicwortel]

I don't see any other comments referring to the documentation of the token format, but I thought it would be useful.
Let me know if I should remove it.

[nicwortel]

The Private Packagist token actually contains a checksum which can be calculated based on the prefix and random string, but as far as I'm aware Trivy doesn't support this, so I haven't implemented such a check.

[nicwortel]

I couldn't find any documentation on how to choose a severity level for secrets.
How should I determine the level?