Bump secret-detection-rules to version v0.20.0 for Pipeline and Push Protection

Context

The SD rules introduce the following changes across these versions:

## v0.20.0

  • Add rule AWSCognitoIdentityPoolID for Pipeline SD @lmoratti
  • Add rule AWSSecretAccessKey for Pipeline SD
  • Add rule AWSSessionToken for Pipeline SD and Push Protection
  • Enhance rule anthropic_key
  • Enhance the AWS Access Key ID rule to cover different scenarios
  • Remove rule AWSSTSKey and merge it with AWS rule pattern
  • Add rule AWSBedrockShortLivedKey for Pipeline SD and Push Protection

## v0.19.0

  • Enhance rule Mapbox API token
  • Remove duplicated rule Tailscale key
  • Enable rule TailscaleOauthClientSecret for Pipeline and Push Protection
  • Enable rule TailscaleApiAccessToken for Pipeline and Push Protection
  • Enable rule TailscalePersonalAuthKey for Pipeline and Push Protection
  • Enable rule SlackAppConfigurationRefreshToken for Pipeline and Push Protection
  • Enable rule SlackAppConfigurationToken for Pipeline and Push Protection
  • Enable rule ShopifyPartnerAPIToken for Pipeline and Push Protection
  • Enable rule PostmanCollectionAccessKey for Pipeline and Push Protection
  • Enhance rule Postman API token and enable for Push Protection
  • Narrow duplicated rule open ai token down to legacy user keys
  • Enable rule OpenAiServiceAdminKey for Pipeline and Push Protection
  • Enable rule OpenAiServiceAccountKey for Pipeline and Push Protection
  • Enable rule OpenAiProjectKey for Pipeline and Push Protection
  • Enable rule MapboxSecretApiToken for Pipeline detection
  • Enable rule IntercomAppAccessToken for Pipeline and Push Protection
  • Remove duplicated rule Grafana API token
  • Enable rule GrafanaServiceAccountToken for Pipeline and Push Protection
  • Enable rule GrafanaCloudAccessPolicyToken for Pipeline and Push Protection
  • Enable rule FlutterwaveProdEncryptedKey for Pipeline and Push Protection
  • Enable rule FlutterwaveProdSecretKey for Pipeline and Push Protection
  • Enable rule FlutterwaveProdPublicKey for Pipeline and Push Protection
  • Enable rule DropboxAppAccessToken for Pipeline and Push Protection
  • Fix Heroku API Key rule and enable SPP

Implementation plan

GitLab Rails: Gem Update Instructions

Run the following commands in the gitlab directory to update the gem:

```shell
bundle install
mise exec -- bundle update --conservative gitlab-secret_detection
bundle exec rake bundler:gemfile:sync
```

Release Post Issue Template

Example Reference: gitlab-com/www-gitlab-com!141272 (merged)

Template:

```yaml
---
features:
  secondary:
  - name: "Increased rule coverage for secret push protection and pipeline secret detection"
    available_in: [free, premium, ultimate]
    gitlab_com: true
    self_managed: true
    gitlab_dedicated: true
    add_ons: []
    documentation_link: 'https://docs.gitlab.com/user/application_security/secret_detection/detected_secrets'
    reporter: amarpatel
    stage: application_security_testing
    categories:
    - Secret Detection
    issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/573973'
    description: |
      GitLab's pipeline secret detection now includes additional rules in [version <version>](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/releases/<version>) of the secrets analyzer. We've also refined existing rules to improve detection quality and minimize false positives.
```
Edited by Vishwa Bhat