dockerfile-security
Improve suspicious env checks
The current check for secrets in the env commands of a Dockerfile can incorrectly flag trivially named variables used in certain image builds such as ENV CC="/usr/bin/clang" as potentially containing a secret.
This is due to the contains() function performing a substring comparison. The string "ACCESS_KEY", which is a member of the secrets_env array, contains the string "CC", which causes Dockerfiles using this env variable to be flagged.
This PR improves the suspicious env check by running different checks of the env values and performing some basic parsing of the keys and values to look for anything suspicious while avoiding use of the contains() function.
Signed-off-by: Thomas Spear [email protected]
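The false positive described above, reproduced in Python as an added illustration (this is not the project's Rego policy and not the code in this PR): the flawed check searches the ENV key as a substring of each marker, as the description states, so "CC" is found inside "ACCESS_KEY"; the replacement parses both Dockerfile ENV forms and matches markers as whole `_`/`-`-separated tokens. The marker list and the sample Dockerfile are constructed for the example.

```python
import re
import shlex

# Constructed marker list in the spirit of the page's secrets_env array
# (assumed values; the project's real list may differ).
SECRETS_ENV = ["ACCESS_KEY", "SECRET", "PASSWORD", "TOKEN", "API_KEY"]


def parse_env(line: str) -> dict:
    """Parse a Dockerfile ENV line into {key: value}.
    Handles `ENV KEY=VALUE [KEY2=VALUE2 ...]` and the legacy
    `ENV KEY VALUE WITH SPACES`; quotes are resolved by shlex."""
    parts = shlex.split(line.strip()[len("ENV"):].strip())
    if "=" in parts[0]:
        return dict(p.split("=", 1) for p in parts)
    return {parts[0]: " ".join(parts[1:])}


def substring_check(key: str) -> bool:
    """Flawed check as described in the PR: the key is searched inside each
    marker, so the two-letter key "CC" matches within "ACCESS_KEY"."""
    return any(key.upper() in marker for marker in SECRETS_ENV)


def _tokens(name: str) -> list:
    return [t for t in re.split(r"[^A-Z0-9]+", name.upper()) if t]


def token_check(key: str) -> bool:
    """Match a marker only as a contiguous run of whole tokens in the key:
    AWS_ACCESS_KEY_ID is flagged, CC is not."""
    kt = _tokens(key)
    for marker in SECRETS_ENV:
        mt = _tokens(marker)
        if any(kt[i:i + len(mt)] == mt for i in range(len(kt) - len(mt) + 1)):
            return True
    return False


def suspicious_envs(dockerfile: str, check=token_check) -> list:
    """Return the ENV keys that `check` flags in the given Dockerfile text."""
    flagged = []
    for line in dockerfile.splitlines():
        if line.strip().upper().startswith("ENV "):
            flagged.extend(k for k in parse_env(line) if check(k))
    return flagged


# Constructed sample Dockerfile; the access-key value is a placeholder.
SAMPLE = """\
FROM ubuntu:22.04
ENV CC="/usr/bin/clang"
ENV AWS_ACCESS_KEY_ID=AKIA_EXAMPLE_PLACEHOLDER
ENV APP_HOME /opt/app
"""

if __name__ == "__main__":
    print("substring:", suspicious_envs(SAMPLE, substring_check))  # ['CC']
    print("tokens:   ", suspicious_envs(SAMPLE, token_check))      # ['AWS_ACCESS_KEY_ID']
```

Note that the substring direction described in the PR also misses the real AWS key here, so the fix removes a false negative as well as the false positive.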