Refine Dockerhub Detector for Improved Accuracy & Coverage

[shahzadhaider1]

Description:

This PR streamlines the Dockerhub detector to improve both its precision and recall for identifying Dockerhub Personal Access Tokens (PATs) and usernames.

Key updates include:

• Smarter Username Detection: usernamePat now correctly accounts for usernames starting with alphanumeric characters and allows for underscores and hyphens within the username, matching actual Dockerhub ID formats. It also refines whitespace handling for cleaner matches.
• Robust Access Token (PAT) Detection: accessTokenPat is significantly enhanced. It now explicitly matches a broader set of common keywords (e.g., docker pat, access token) and gracefully handles various key-value pair delimiters (colons, equals signs, quotes), ensuring tokens are found across diverse configurations.
• Fewer False Positives: excludeHeaderPat specifically filters out UUIDs found in benign Docker HTTP headers (e.g., X-Docker-Upload-UUID), preventing them from being flagged as secrets.
• Improved Metadata: The detector now includes the version number in the scan results for both Dockerhub detectors (v1 and v2), enhancing result traceability.
• API Modernization: The Dockerhub v1 detector has been updated to use the current API endpoint, replacing a deprecated one to ensure continued and reliable verification functionality.

These changes make the detector more effective by closely aligning it with real-world Docker credential patterns, leading to more accurate and relevant findings.

Checklist:

• Tests passing (make test-community)?
• Lint passing (make lint this requires golangci-lint)?

[kashifkhan0771]

Why not just use github.com/google/uuid to parse the string and verify whether it's a valid UUID?