Enhance java_password_rule-HardcodeKey to detect hardcoded HMAC keys
Problem
- The Java rule for detecting hardcoded cryptographic keys currently doesn't have patterns for detecting hardcoded HMAC signing keys.
Solution
- Add HMAC patterns from the
jwt-hardcode.java-jwt-hardcoded-secret
community rule into the existingjava_password_rule-HardcodeKey
rule.
Follow the enhance rule checklist.