fix: Remove TruffleHog secret scanning

TruffleHog v3.92.5 has an incompatible AGPL-3.0 license.
GitHub's built-in secret scanning already provides this functionality
automatically, making the third-party action redundant.

Author: JerrettDavis

.github/workflows/codeql.yml

@@ -99,28 +99,9 @@ jobs:
         path: vulnerable-packages.txt
         retention-days: 30
 
-  secret-scanning:
-    name: Secret Scanning
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request'
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v6
-      with:
-        fetch-depth: 0
-
-    - name: TruffleHog OSS
-      uses: trufflesecurity/trufflehog@v3.82.13
-      with:
-        path: ./
-        base: ${{ github.event.repository.default_branch }}
-        head: HEAD
-        extra_args: --only-verified
-
   security-summary:
     name: Security Summary
-    needs: [analyze, dependency-scanning, secret-scanning]
+    needs: [analyze, dependency-scanning]
     runs-on: ubuntu-latest
     if: always()
 
@@ -129,17 +110,9 @@ jobs:
       run: |
         echo "CodeQL Analysis: ${{ needs.analyze.result }}"
         echo "Dependency Scanning: ${{ needs.dependency-scanning.result }}"
-        echo "Secret Scanning: ${{ needs.secret-scanning.result }}"
-
-        # Secret scanning is only run on PRs, so treat skipped as success
-        SECRET_SCAN_STATUS="${{ needs.secret-scanning.result }}"
-        if [ "$SECRET_SCAN_STATUS" == "skipped" ]; then
-          SECRET_SCAN_STATUS="success"
-        fi
 
         if [ "${{ needs.analyze.result }}" == "success" ] && \
-           [ "${{ needs.dependency-scanning.result }}" == "success" ] && \
-           [ "$SECRET_SCAN_STATUS" == "success" ]; then
+           [ "${{ needs.dependency-scanning.result }}" == "success" ]; then
           echo "All security scans passed!"
           exit 0
         else