pub fn scan_for_sensitive_paths(root: &Path) -> Vec<PathBuf>
v0.113: walk a frontier path and return any files whose names
match shapes commonly associated with secrets: literal extensions
(*.key, *.pem, *.p12) and substring patterns (private,
secret, credential). Skips standard noise (.git/, target/,
node_modules/, dist/, build/). Used by vela check --strict
and by scripts/test-secret-audit.sh. Closes part of
THREAT_MODEL.md A17 with active detection on top of the passive
.gitignore exclusion shipped at v0.111.1.
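
The following sketch is an added example of the walk described above, not vela's own implementation. The names `looks_sensitive` and `scan_sketch` are hypothetical, and case-insensitive matching, symlink handling and sorted output are assumptions; only the extensions, substrings and skipped directories come from the description.

```rust
use std::fs;
use std::path::{Path, PathBuf};

// Name shapes and skip list from the description above; matching details are assumptions.
const EXTENSIONS: [&str; 3] = ["key", "pem", "p12"];
const SUBSTRINGS: [&str; 3] = ["private", "secret", "credential"];
const SKIP_DIRS: [&str; 5] = [".git", "target", "node_modules", "dist", "build"];

/// Hypothetical helper: case-insensitive name check (case handling is assumed).
fn looks_sensitive(path: &Path) -> bool {
    let name = match path.file_name().and_then(|n| n.to_str()) {
        Some(n) => n.to_ascii_lowercase(),
        None => return false, // non-UTF-8 names are ignored in this sketch
    };
    let ext = Path::new(&name).extension().and_then(|e| e.to_str());
    ext.map_or(false, |e| EXTENSIONS.contains(&e))
        || SUBSTRINGS.iter().any(|s| name.contains(*s))
}

/// Hypothetical walker: iterative, prunes noise directories, ignores symlinks.
fn scan_sketch(root: &Path) -> Vec<PathBuf> {
    let mut hits = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(dir) = stack.pop() {
        let Ok(entries) = fs::read_dir(&dir) else { continue }; // unreadable: skip
        for entry in entries.flatten() {
            let path = entry.path();
            let Ok(kind) = entry.file_type() else { continue };
            let name = entry.file_name();
            if kind.is_dir() {
                // Prune by directory name so nothing below it is visited.
                if !SKIP_DIRS.iter().any(|d| name.to_str() == Some(*d)) {
                    stack.push(path);
                }
            } else if kind.is_file() && looks_sensitive(&path) {
                hits.push(path);
            }
        }
    }
    hits.sort(); // stable order for CI output
    hits
}

fn main() {
    let root = std::env::args().nth(1).unwrap_or_else(|| ".".into());
    for hit in scan_sketch(Path::new(&root)) {
        println!("{}", hit.display());
    }
}
```

Substring matching on names also flags files such as `secretary.txt`, and a key file under a skipped directory such as `node_modules/` is never reported, so hits need triage and the skip list defines the scan's blind spots.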