
Secret Detection script - don't analyse if there are no changes in the branch

What does this MR do and why?

I did some experiments. I enabled Secret Detection on a project in the default branch.

When I created a branch while creating a commit, then it worked fine - only this new change was analysed.

But - when I created a branch by going to "Repository" > "Branches" > "New branch" from the default branch, then the job secret_detection took a lot of time - for my project it timed out (in my project after 1h). And I saw that this job was running for 1h at 100% on one core of CPU on my GitLab runner - which is a waste of CPU power etc.

My MR turns off the secret detection analysis when there are no changed files in the new branch.

The best option would be to make the analyser produce an empty Secret Detection report when there are no changes in the branch - but I probably cannot do that.

How to set up and validate locally

  1. Create from GitLab GUI a fork for a not too small project, e.g. https://gitlab.com/gitlab-org/gitlab-ui
  2. In the Web IDE of the fork, put only this code in the file .gitlab-ci.yml, enabling Secret Detection:

       include:
         - template: Security/Secret-Detection.gitlab-ci.yml
  3. Commit the change to the default branch.
  4. You can see that the pipeline for the default branch will finish quickly and the secrets analysis will last about 1s.
  5. Now go to "Repository" > "Branches" > "New branch" from the default branch.
  6. You can see that the secret detection analysis for the new branch will last a few minutes - despite the fact that the new branch is the same as the default branch.
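The check this MR describes, as an added illustration that is not the MR's own code: a small POSIX shell helper that decides whether the secret_detection job has anything to analyse by comparing the branch's commit against the ref it was created from. It assumes git is available and that the base ref (in CI, origin/$CI_DEFAULT_BRANCH, which may need fetching) can be resolved; if a ref cannot be resolved it errs on the side of running the analyser.

```shell
#!/bin/sh
# Exit 0 when the two refs differ in at least one file (run the analyser),
# exit 1 when the trees are identical (nothing to scan, skip the job).
# Arguments: repository path, base ref, head ref.
branch_has_changes() {
  repo=$1; base=$2; head_ref=$3
  # git diff --quiet exits 0 for identical trees, 1 for differences and
  # >1 on error (e.g. unknown ref). Only the clean "identical" case skips,
  # so a missing or unfetched base ref still results in a full analysis.
  if git -C "$repo" diff --quiet "$base" "$head_ref" 2>/dev/null; then
    return 1
  fi
  return 0
}

# Wrapper mirroring what a CI script would do before invoking the analyser.
# Prints "run" or "skip" so the decision can be logged in the job output.
maybe_run_secret_detection() {
  repo=$1; base=$2; head_ref=$3
  if branch_has_changes "$repo" "$base" "$head_ref"; then
    echo "run"
  else
    echo "skip"
  fi
}

# In a GitLab job the call would use the predefined variables, assuming the
# default branch ref has been fetched into the clone:
#   maybe_run_secret_detection "$CI_PROJECT_DIR" "origin/$CI_DEFAULT_BRANCH" "$CI_COMMIT_SHA"
```

For the "New branch" case in the steps above, the new branch points at the same commit as the default branch, so the helper prints "skip" and the long full-history scan is avoided.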

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
