trivy
feat(secret): enhance secret scanning for python binary files
Description
Notes
This approach doesn't detect secrets inside .odt (LibreOffice format) or .pdf files.
Demo file:

```python
secret1 = "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"
print(secret1)
```

```console
$ python3 -m compileall .
```
Before:

```console
$ trivy fs --scanners secret __pycache__/
2024-08-01T18:03:59+06:00 INFO [secret] Secret scanning is enabled
2024-08-01T18:03:59+06:00 INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-01T18:03:59+06:00 INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
```
After:

```console
$ trivy fs --scanners secret __pycache__/

secret.cpython-310.pyc (secrets)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

CRITICAL: GitHub (github-fine-grained-pat)
═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
GitHub Fine-grained personal access tokens
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
```
Related issues
- Close #7204
Checklist
- [x] I've read the guidelines for contributing to this repository.
- [x] I've followed the conventions in the PR title.
- [x] I've added tests that prove my fix is effective or that my feature works.
- [x] I've updated the documentation with the relevant information (if needed).
- [ ] I've added usage information (if the PR introduces new options).
- [x] I've included a "before" and "after" example to the description (if the PR is a user interface change).
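To show why scanning `.pyc` files matters, here is an added example (not part of this PR or of Trivy's code) that byte-compiles a module containing a token-shaped string and then finds it two ways: by regex over the raw `.pyc` bytes, as a binary-file scanner would, and by unmarshalling the code object and walking its string constants. The token is a constructed placeholder, and the regex is an assumption modeled on the fine-grained PAT shape (22 characters, underscore, 59 characters), not Trivy's exact rule.

```python
import marshal
import py_compile
import re
import tempfile
from pathlib import Path

# Assumption: pattern modeled on the fine-grained PAT layout seen in the demo
# token (prefix, 22 chars, "_", 59 chars); Trivy's own rule may differ slightly.
GITHUB_PAT_RE = re.compile(rb"github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}")

# Constructed placeholder with the right shape; not a real credential.
FAKE_PAT = "github_pat_" + "A" * 22 + "_" + "B" * 59


def compile_to_pyc(source: str, directory: Path) -> Path:
    """Write `source` to secret.py and byte-compile it, returning the .pyc path."""
    src = directory / "secret.py"
    src.write_text(source)
    pyc = directory / "secret.pyc"
    py_compile.compile(str(src), cfile=str(pyc), doraise=True)
    return pyc


def find_pats_in_binary(path: Path) -> list:
    """Regex over raw bytes: the string literal survives compilation verbatim."""
    return [m.decode() for m in GITHUB_PAT_RE.findall(path.read_bytes())]


def pyc_string_constants(path: Path) -> list:
    """Skip the 16-byte pyc header (Python 3.7+), unmarshal, collect str constants."""
    code = marshal.loads(path.read_bytes()[16:])
    found = []

    def walk(co):
        for const in co.co_consts:
            if isinstance(const, str):
                found.append(const)
            elif hasattr(const, "co_consts"):  # nested functions/classes
                walk(const)

    walk(code)
    return found


def demo() -> dict:
    """Compile the page's demo module (with the placeholder token) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        pyc = compile_to_pyc(f'secret1 = "{FAKE_PAT}"\nprint(secret1)\n', Path(tmp))
        return {"raw_scan": find_pats_in_binary(pyc), "consts": pyc_string_constants(pyc)}


if __name__ == "__main__":
    print(demo())
```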