chore(deps): update zricethezav/gitleaks docker tag to v8.23.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
zricethezav/gitleaks		minor	v8.22.1 -> v8.23.0
zricethezav/gitleaks	stage	minor	v8.22.1 -> v8.23.0

---

Release Notes

gitleaks/gitleaks (zricethezav/gitleaks)

v8.23.0

Compare Source

Changelog

• db8e5e6 feat(generate): use multiple allowlists (#​1691)
• 973c794 chore(rules): include fps in reference (#​1471)
• f0d4499 Add comma as operator for GenerateSemiGenericRegex (#​1679)
• ab38a46 refactor: central logger (#​1692)
• b022d1c friendship ended with tines

READ THIS!!! The default gitleaks config now uses [[rules.allowlists]]

### ⚠️ In v8.21.0 `[rules.allowlist]` was replaced with `[[rules.allowlists]]`.
### This change was backwards-compatible: instances of `[rules.allowlist]` still  work.
    #

### You can define multiple allowlists for a rule to reduce false positives.
### A finding will be ignored if _ANY_ `[[rules.allowlists]]` matches.
    [[rules.allowlists]]
    description = "ignore commit A"

### When multiple criteria are defined the default condition is "OR".
### e.g., this can match on |commits| OR |paths| OR |stopwords|.
    condition = "OR"
    commits = [ "commit-A", "commit-B"]
    paths = [
      '''go\.mod''',
      '''go\.sum'''
    ]

### note: stopwords targets the extracted secret, not the entire regex match
### like 'regexes' does. (stopwords introduced in 8.8.0)
    stopwords = [
      '''client''',
      '''endpoint''',
    ]

    [[rules.allowlists]]

### The "AND" condition can be used to make sure all criteria match.
### e.g., this matches if |regexes| AND |paths| are satisfied.
    condition = "AND"

### note: |regexes| defaults to check the _Secret_ in the finding.
### Acceptable values for |regexTarget| are "secret" (default), "match", and "line".
    regexTarget = "match"
    regexes = [ '''(?i)parseur[il]''' ]
    paths = [ '''package-lock\.json''' ]

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[echoix]

See the note of the default config change

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ API	spectral	1		0	1.74s
⚠️ BASH	bash-exec	6		1	0.02s
✅ BASH	shellcheck	6		0	0.18s
✅ BASH	shfmt	6	0	0	0.67s
✅ COPYPASTE	jscpd	yes		no	3.68s
✅ DOCKERFILE	hadolint	129		0	24.81s
✅ JSON	jsonlint	20		0	0.31s
✅ JSON	v8r	22		0	15.18s
⚠️ MARKDOWN	markdownlint	267	0	302	24.6s
✅ MARKDOWN	markdown-table-formatter	267	0	0	165.63s
⚠️ PYTHON	bandit	214		66	3.73s
✅ PYTHON	black	214	0	0	4.66s
✅ PYTHON	flake8	214		0	1.98s
✅ PYTHON	isort	214	0	0	1.22s
✅ PYTHON	mypy	214		0	13.84s
✅ PYTHON	pylint	214		0	29.38s
✅ PYTHON	ruff	214	0	0	0.78s
✅ REPOSITORY	checkov	yes		no	33.94s
✅ REPOSITORY	git_diff	yes		no	0.47s
⚠️ REPOSITORY	grype	yes		26	14.78s
✅ REPOSITORY	secretlint	yes		no	11.39s
✅ REPOSITORY	trivy	yes		no	17.11s
✅ REPOSITORY	trivy-sbom	yes		no	0.29s
⚠️ REPOSITORY	trufflehog	yes		1	53.16s
✅ SPELL	cspell	717		0	13.97s
⚠️ SPELL	lychee	349		15	24.97s
✅ XML	xmllint	3	0	0	1.3s
✅ YAML	prettier	160	0	0	4.3s
✅ YAML	v8r	102		0	28.08s
✅ YAML	yamllint	161		0	2.38s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by