Adding audit --diff functionality

[domanchi]

Testing

detect-secrets$ pip install -e .
detect-secrets$ detect-secrets scan test_data > .secrets.baseline
detect-secrets$ detect-secrets scan --base64-limit 5.5 --hex-limit 2 > .secrets.baseline.new
detect-secrets$ detect-secrets audit --diff .secrets.baseline .secrets.baseline.new

Output

Secret:      1 of 10
Filename:    test_data/config.ini
Secret Type: Hex High Entropy String
Status:      >> ADDED <<
----------
1:[credentials]                                    
2:password = 12345678901234                        
3:                                                 
4:[parent]                                         
5:    [child]                                      
6:    keyA = 678912345                             
7:    keyB = value1 
----------
What would you like to do? (s)kip, (q)uit:   

Features

• Leverages the full colored, interactive auditor to be able to see which secrets have been added and removed from the scan, based on plugin configurations.

Hopefully this will better support plugin developers, to make the process easier to configure limits and plugin regexes!

Backwards Compatibility Considerations

• This requires 0.10.4 at a minimum, because it expects baselines to be fully sorted

[KevinHock]

Looks great so far, just more discussion stuff.

[KevinHock]

B/c this will make it so that people need to manually update the baseline's, do you think we should add the autoupdate baselines functionality now? I think so

[domanchi]

I thought that was already merged? But yes, I agree with you.

[KevinHock]

I should update the changelog, but #90 was a bug fix for the update functionality, before running the temp bandaid fixer.

[KevinHock]

:D

[KevinHock]

🚢 except let's wait until we make the pre-commit hook autoupdate the baseline

[KevinHock]

I guess we can merge this one now @domanchi 👍 (I'd like you to have the GitHub square on account of making the PR 😁 )