Secret push protection intermittently returns 500 errors when diff_blobs_with_raw_info feature flag is enabled

Problem to solve

The secret_detection_transition_to_raw_info_gitaly_endpoint feature flag was enabled on production, and we've subsequently observed errors in secret push protection.

Error details:

  • gRPC status 13 (INTERNAL) error from Gitaly
  • Underlying git command failure: waiting for git-diff-pairs: exit status 128
  • Git command appears to be missing required arguments, ending with just diff-pairs -z --abbrev=40 --end-of-options
  • Stack trace shows failure in payload_processor.rb:216 calling diff_blobs_with_raw_info

Frequency:

  • Appears to be intermittent, affecting a small subset of operations

The errors suggest an issue with how the new diff_blobs_with_raw_info method constructs arguments for the underlying git command in certain edge cases.
