
Report unused exclusions

Open pmevzek-godaddy opened this issue 3 years ago • 0 comments

Feature Request

Is your feature request related to a problem? Please describe.

This is not a problem per se but could be offered as enhancement for maintainability (of tartufo configuration/exclusion files).

Here is the scenario I envision:

  • one creates some file based and/or signature based exclusions, as needed
  • those exclusions sometimes can grow big, dozens or more entries
  • they are not a problem per se, but yet we may happen to be in the future in a state where some exclusions are not needed anymore (ex: user rewrites all history and hence some secrets disappear and hence some previous file-based or signature-based exclusions do not reference anything existing anymore if user was "lazy" to just copy old content)
  • so we may get some test runs that are ok but basically that didn't need all the exclusions provided.

Describe the solution you'd like

The results of a scan, both positive and negative, should list all file-based/signature-based exclusions that were taken into account (because they were in the configuration or on the command line) but that were not used at all, that is, for which no file or no string matched at all.

Describe alternatives you've considered

The only alternative is for a human to test things one by one, by removing one file-based or signature-based exclusion, running tartufo again, and seeing in the results whether that specific exclusion is in fact needed or not.

Teachability, Documentation, Adoption, Migration Strategy

In JSON output this information can be present at all times, but otherwise a command-line flag/configuration option could be created to enable this feature when needed.

pmevzek-godaddy, Mar 24 '21 22:03
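One way to implement the reporting requested above, as an added Python example that is not tartufo's own code: the two exclusion kinds (path regexes and per-finding signatures), the `Finding` type and its signature strings are assumptions, and the scanned paths and findings are constructed inputs. A path exclusion counts as used if it matched any scanned file; a signature exclusion counts as used if it suppressed a finding.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str       # file the candidate secret was found in
    signature: str  # stable per-finding hash (hypothetical format here)
    snippet: str


def apply_exclusions(scanned_paths, raw_findings, path_patterns, signatures):
    """Filter findings and report which exclusions matched nothing.

    Returns (kept_findings, unused); unused maps each exclusion kind to the
    entries that never matched any scanned path or any raw finding.
    """
    compiled = {pat: re.compile(pat) for pat in path_patterns}
    # A path exclusion is "used" if it matched any scanned file at all,
    # not only files that produced findings.
    used_paths = {pat for pat, rx in compiled.items()
                  if any(rx.search(p) for p in scanned_paths)}
    used_sigs = set()
    kept = []
    for f in raw_findings:
        if any(rx.search(f.path) for rx in compiled.values()):
            continue  # path excluded; its usage was recorded above
        if f.signature in signatures:
            used_sigs.add(f.signature)
            continue
        kept.append(f)
    unused = {
        "path_patterns": [p for p in path_patterns if p not in used_paths],
        "signatures": [s for s in signatures if s not in used_sigs],
    }
    return kept, unused


# Constructed sample input: a small scan with one stale entry of each kind.
SCANNED_PATHS = ["src/app.py", "tests/fixtures/keys.txt", "README.md"]
RAW_FINDINGS = [
    Finding("tests/fixtures/keys.txt", "sig-aaa", "fixture key (constructed)"),
    Finding("src/app.py", "sig-bbb", "password=example"),
    Finding("src/app.py", "sig-ccc", "token=example"),
]
PATH_PATTERNS = [r"^tests/fixtures/", r"^vendor/"]  # vendor/ no longer exists
SIGNATURES = ["sig-bbb", "sig-stale"]                # sig-stale was rewritten away


def demo():
    return apply_exclusions(SCANNED_PATHS, RAW_FINDINGS, PATH_PATTERNS, SIGNATURES)
```

The `unused` mapping is what the issue asks to surface in the JSON output or behind a flag, so a maintainer can prune entries without the one-at-a-time removal loop.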