
Add Python Package Index (PyPI) token detection

Joachim Jablon requested to merge ewjoachim/secrets:pypi into master

What does this MR do?

This is a first step towards a PR that adds PyPI token detection to GitLab. PyPI is one of the main Python package repositories for the Python community; it's maintained (as an open source service) by the same community as the Python language itself. We've recently rolled out Secrets Scanning for secrets publicly posted on GitHub, and I was wondering if doing the same for GitLab would be easy. I found @tmccaslin's gitlab-org&4944, which led me here, because, if I understand correctly, the first step to having GitLab warn PyPI when it finds leaked tokens is to be detected by the secret scanning tool (correct me if I'm wrong).

I looked at the commit that implemented Shopify, thinking that I could mimic that, but then I saw there was recently a big refactor and there hasn't been any new implementation since then, so I resolved to just search for shopify in the current codebase and mimic what I found. And I just found this single file, so I did the same. I tried looking at twitter, and there were more files, but I can't really say if the files under expect/ are auto-generated by a tool or if I need to write those json payloads by hand.

What are the relevant issue numbers?

Haven't created an issue beforehand. This seemed to be such a small change that I thought the MR might suffice, but please tell me if you prefer an issue.

Does this MR meet the acceptance criteria?

👆 I'd like to but haven't found how.

Edited by Zach Rice
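What a detector for these tokens has to match, as an added example that is not part of this MR and not the project's own rule: PyPI API tokens are the string `pypi-` followed by the unpadded URL-safe base64 of a macaroon, so every real token starts with the same literal prefix (the base64 of the macaroon header bytes 02 01 08 "pypi.org"). The regex below is the shape such a rule usually takes and is assumed here rather than quoted from the MR; the second check goes further than a scanner rule normally does and decodes the body to confirm the macaroon structure, which filters out strings that merely share the prefix. The sample text and the "valid-looking" token are constructed for the demo and are not credentials; the macaroon v2 byte layout the builder follows is as assumed in the comments.

```python
import base64
import re

# Pattern for PyPI API tokens. The literal prefix is the base64 encoding of the
# macaroon v2 header bytes 02 01 08 "pypi.org" (version, location field, length 8).
# This is the shape such a rule takes; it is assumed here, not quoted from the MR.
PYPI_TOKEN_RE = re.compile(r"pypi-AgEIcHlwaS5vcmc[A-Za-z0-9_-]{50,1000}")


def find_candidate_tokens(text: str) -> list[str]:
    """Return every substring of `text` that matches the PyPI token pattern."""
    return PYPI_TOKEN_RE.findall(text)


def looks_like_pypi_macaroon(token: str) -> bool:
    """Structural check on a candidate: decode the base64 body and confirm it is a
    macaroon whose location is 'pypi.org', followed by an identifier field and
    terminated by a 32-byte signature field. Strings that only share the prefix
    (or are not decodable base64 at all) are rejected here."""
    if not token.startswith("pypi-"):
        return False
    body = token[len("pypi-"):]
    body += "=" * (-len(body) % 4)  # PyPI strips base64 padding; restore it
    try:
        raw = base64.urlsafe_b64decode(body)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    # version byte 0x02, then location field: type 0x01, one-byte length, bytes
    if len(raw) < 3 or raw[0] != 0x02 or raw[1] != 0x01:
        return False
    loc_len = raw[2]
    if raw[3:3 + loc_len] != b"pypi.org":
        return False
    pos = 3 + loc_len
    if pos >= len(raw) or raw[pos] != 0x02:  # identifier field must follow
        return False
    # serialization ends with the signature field: type 0x06, length 0x20, 32 bytes
    return len(raw) >= pos + 36 and raw[-34] == 0x06 and raw[-33] == 0x20


def make_constructed_token() -> str:
    """Build a syntactically valid but non-working token for the demo (constructed
    data, not a real credential). Byte layout as assumed for macaroon v2 binary
    serialization: version, location, identifier, end-of-section, empty caveat
    section terminator, signature."""
    identifier = b"00000000-0000-4000-8000-000000000000"  # 36 bytes, fake
    signature = bytes(range(32))                          # fake HMAC
    raw = (
        b"\x02"                       # version 2
        + b"\x01\x08pypi.org"         # location field
        + b"\x02" + bytes([len(identifier)]) + identifier
        + b"\x00"                     # end of header section
        + b"\x00"                     # no caveats
        + b"\x06\x20" + signature     # signature field
    )
    return "pypi-" + base64.urlsafe_b64encode(raw).decode().rstrip("=")


# Constructed sample, as if from a committed .pypirc and a CI log. The second
# line is prefix plus noise: long enough to match the regex, but not a macaroon.
SAMPLE = f"""
password = {make_constructed_token()}
export TWINE_PASSWORD=pypi-AgEIcHlwaS5vcmcNOT_A_REAL_TOKEN_JUST_THE_PREFIX_PLUS_NOISE_0123456789abcdef
api_key = ghp_notapypitoken0000000000000000000000
"""


def scan(text: str) -> dict[str, bool]:
    """Map each regex candidate in `text` to whether it passes the structural check."""
    return {tok: looks_like_pypi_macaroon(tok) for tok in find_candidate_tokens(text)}


if __name__ == "__main__":
    for tok, ok in scan(SAMPLE).items():
        print(("VALID-SHAPE " if ok else "PREFIX-ONLY ") + tok[:30] + "...")
```

Running the block reports two regex hits on the sample, of which only the constructed macaroon passes the structural check. A scanner rule would normally stop at the regex; the decode step is worth keeping in mind when tuning against false positives, since anything that copies the 15-character prefix and is followed by 50 base64-alphabet characters will otherwise be flagged.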
