Add secrets scanning to CI pipeline

[dev-fatima-24]

Description

No protection exists against accidentally committing Stellar secret keys, JWT secrets, or other credentials to the repository.

Acceptance Criteria

• gitleaks runs on every PR and push to main
• Pre-commit hook configured to block secret commits locally
• Scan covers: Stellar secret keys (S...), JWT secrets, private keys, API tokens
• Historical commit scan run once on existing repo

Priority: High | Effort: Small

[ayomidearegbeshola29-dev]

@ayomidearegbeshola29-dev has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

I will like to work on this pls

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ayomidearegbeshola29-dev to this issue.

[drips-wave]

Congratulations, @ayomidearegbeshola29-dev! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @ayomidearegbeshola29-dev: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊