
feat(detectors): add Gitea API token detector #5042
Open
0xDevNinja wants to merge 3 commits into trufflesecurity:main from 0xDevNinja:feat/gitea-detector

feat(detectors): add Gitea API token detector#5042
0xDevNinja wants to merge 3 commits into
trufflesecurity:mainfrom
0xDevNinja:feat/gitea-detector

Conversation

@0xDevNinja 0xDevNinja commented Jun 16, 2026

Description:

Closes #4718.

Adds a new verifiable detector for Gitea API tokens.

  • Pattern: 40-character lowercase hexadecimal token, anchored on the gitea keyword to keep false positives low (a bare 40-hex string overlaps with SHA-1 hashes / commit IDs).
  • Verification: GET /api/v1/user with the Authorization: token <token> header.
    • 200 → verified
    • 401 / 403 → determinately unverified (no error)
    • any other status / transport error → indeterminate (verification error returned)
  • SecretParts: populated on every result ({"key": <token>}), per the detector guidelines.
  • Self-hosted instances: uses the standard EndpointSetter / CloudProvider pattern, defaulting to https://gitea.com while supporting user-supplied endpoints.
  • Added Gitea to the DetectorType enum, regenerated the protobuf bindings with make protos, and registered the scanner in pkg/engine/defaults/defaults.go.

Tests cover all five detector states (verified, determinately unverified, indeterminate via unexpected response, indeterminate via timeout, and not-found) using mock HTTP clients, plus a build-tagged integration test for live verification.

Verified locally end to end:

$ trufflehog filesystem ./testdir --no-verification
Found unverified result 🐷🔑❓
Detector Type: Gitea
Raw result: 9f3a7c1e0b6d48a25e1f7c93d04b8a6f2c5e9d10
Host: https://gitea.com

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint; this requires golangci-lint)?

Note

Low Risk
Additive detector-only change following existing Git-provider patterns; verification is a read-only user API call with no changes to core scan or auth flows.

Overview
Adds Gitea API token scanning and optional live verification to TruffleHog.

Detection matches 40-character lowercase hex tokens only when the gitea keyword appears nearby (via PrefixRegex), to avoid bare hex strings that look like commit SHAs. Results include SecretParts and per-endpoint host metadata; verification calls GET /api/v1/user with Authorization: token …, treating 200 as verified and 401/403 as definitively invalid.

The scanner uses the usual cloud/self-hosted endpoint setup (https://gitea.com default, configurable endpoints). DetectorType_Gitea (1053) is added in proto and generated Go, and gitea.Scanner is registered in the default detector list.

Unit tests cover regex/keyword behavior, verification status handling (including timeouts), plus a build-tagged integration test against real credentials.

Reviewed by Cursor Bugbot for commit 6b25b50.
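The detection and verification flow the description lays out (keyword-anchored 40-hex pattern, GET /api/v1/user with an Authorization: token header, 200 verified / 401-403 determinately unverified / anything else indeterminate), as an added, stand-alone Go example. This is not the PR's code and does not use TruffleHog's detector, EndpointSetter or Result types; it is standard library only, with a constructed fake Gitea server so it runs offline. The Status type, FindTokens, Verify and NewFakeGitea names, the 40-byte keyword window, the fake server's responses and the sample input are all assumptions made for this example.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
	"time"
)

// Status mirrors the three verification outcomes the PR describes.
type Status int

const (
	Indeterminate Status = iota // unexpected status or transport error: keep the result, surface the error
	Verified                    // 200 from /api/v1/user: the token is live
	Unverified                  // 401/403: the instance rejected the token, no error
)

func (s Status) String() string {
	return [...]string{"indeterminate", "verified", "unverified"}[s]
}

// tokenPat approximates "PrefixRegex(gitea) + 40 lowercase hex": the keyword (case-insensitive)
// must appear within 40 bytes before the token, so a bare commit SHA does not match.
// The exact window width in the project's detector is not shown on the page; 40 is an assumption.
var tokenPat = regexp.MustCompile(`(?i:gitea)(?:.|[\r\n]){0,40}?\b([a-f0-9]{40})\b`)

// FindTokens returns the unique candidate tokens in data, in order of first appearance.
func FindTokens(data string) []string {
	seen := map[string]bool{}
	var out []string
	for _, m := range tokenPat.FindAllStringSubmatch(data, -1) {
		if tok := m[1]; !seen[tok] {
			seen[tok] = true
			out = append(out, tok)
		}
	}
	return out
}

// Verify calls GET <endpoint>/api/v1/user with "Authorization: token <token>" and maps the
// response onto Status. endpoint is the cloud default or a user-supplied self-hosted base URL.
func Verify(ctx context.Context, client *http.Client, endpoint, token string) (Status, error) {
	url := strings.TrimRight(endpoint, "/") + "/api/v1/user"
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return Indeterminate, err
	}
	req.Header.Set("Authorization", "token "+token)
	resp, err := client.Do(req)
	if err != nil {
		return Indeterminate, err // timeouts, DNS and TLS failures all land here
	}
	defer resp.Body.Close()
	_, _ = io.Copy(io.Discard, resp.Body) // drain so the connection can be reused
	switch resp.StatusCode {
	case http.StatusOK:
		return Verified, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		return Unverified, nil
	default:
		return Indeterminate, fmt.Errorf("unexpected HTTP status %d from %s", resp.StatusCode, url)
	}
}

// NewFakeGitea is a constructed stand-in for a Gitea instance: 200 with a user object for
// validToken, 500 for outageToken (to exercise the indeterminate path), 401 for anything else.
func NewFakeGitea(validToken, outageToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/api/v1/user" {
			http.NotFound(w, r)
			return
		}
		got := strings.TrimPrefix(r.Header.Get("Authorization"), "token ")
		switch got {
		case validToken:
			w.Header().Set("Content-Type", "application/json")
			fmt.Fprint(w, `{"id":1,"login":"ci-bot"}`)
		case outageToken:
			http.Error(w, "internal server error", http.StatusInternalServerError)
		default:
			http.Error(w, `{"message":"token is required"}`, http.StatusUnauthorized)
		}
	}))
}

func main() {
	const live = "9f3a7c1e0b6d48a25e1f7c93d04b8a6f2c5e9d10" // the token from the PR's local run
	// Constructed sample: a config line carrying the keyword, plus a bare commit SHA that must not match.
	sample := "GITEA_TOKEN=" + live + "\ncommit 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
	srv := NewFakeGitea(live, "")
	defer srv.Close()
	client := &http.Client{Timeout: 5 * time.Second}
	for _, tok := range FindTokens(sample) {
		st, err := Verify(context.Background(), client, srv.URL, tok)
		fmt.Printf("token %s...: %s (err=%v)\n", tok[:8], st, err)
	}
}
```

Run it with go run; the only candidate found is the keyword-anchored token, and the fake server reports it verified. One point worth confirming against the Gitea version being targeted before trusting the 403 branch: if scoped tokens that lack the scope /api/v1/user needs are answered with 403 rather than 401, the "determinately unverified" mapping would report a live but narrowly scoped token as invalid.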

Add the Gitea entry to the DetectorType enum and regenerate the
protobuf bindings.

Refs trufflesecurity#4718

Detect Gitea API tokens (40-char lowercase hex, anchored on the
"gitea" keyword) and verify them against `GET /api/v1/user` using the
`Authorization: token <token>` header. Supports self-hosted instances
through the standard endpoint customization (defaults to gitea.com).

Populates SecretParts on every result and distinguishes determinate from
indeterminate verification failures. Registered in the default detector
set. Includes pattern tests, verification tests covering all five
detector states, and a build-tagged integration test.

Closes trufflesecurity#4718
@0xDevNinja 0xDevNinja requested a review from a team June 16, 2026 07:53
@0xDevNinja 0xDevNinja requested review from a team as code owners June 16, 2026 07:53

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit fb1d755.

Comment thread pkg/detectors/gitea/gitea_integration_test.go Outdated
Development

Successfully merging this pull request may close these issues.

Gitea API Token Detector