Labels: enhancement (New feature or request)
Description
Is your feature request related to a problem?
Nope, just wanted to let you know about some new features in gitleaks that might be worth leveraging here ^_^
Describe the solution you'd like
I was looking at the line where the container's called and figured it could be something like this to leverage some new features and give you some flexibility:
```bash
docker run -v "$path":/scan "${GITLEAKS_IMAGE:-"${DEFAULT_GITLEAKS_IMAGE}"}" dir \
    --max-decode-depth="${GITLEAKS_MAX_DECODE_DEPTH:-8}" \
    --max-archive-depth="${GITLEAKS_MAX_ARCHIVE_DEPTH:-8}" \
    /scan
```

Where:

- deprecated `detect` command is swapped out with `dir`
- `GITLEAKS_IMAGE` lets you set which image you want to use
- `DEFAULT_GITLEAKS_IMAGE` is the one
- `GITLEAKS_MAX_DECODE_DEPTH` enables the decoder feature
- `GITLEAKS_MAX_ARCHIVE_DEPTH` enables the archive traversal feature that's coming soon
Describe alternatives you've considered
N/A - This is just a drive by suggestion because I saw your tool and figured the changes above could help it catch more.
Additional context
The default of 8 is what I run in prod (a continually running tool that is monitoring a few 100k repos) for decoding and plan to do for archive support as well. 8 seems to be a good balance of don't miss edge cases and don't go crazy if something is insanely nested.
I haven't run the archive traversal in prod yet, but plan to once it's released.
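To make the trade-off behind the depth caps concrete, here is an added toy scanner (illustration written for this page, not gitleaks source and not this project's wrapper code) that mimics what `--max-decode-depth` and `--max-archive-depth` bound: it peels base64 layers and nested zip archives recursively, stops at a configurable depth, and counts how much work it did. The detection rule, the sample key value (the placeholder key from the AWS docs) and the nested inputs are all constructed for the example; the exact depth accounting gitleaks uses is assumed, not taken from its source.

```python
"""Toy secret scanner showing what bounded decode / archive depth does.

Added illustration, not gitleaks code: a base64 decoder pass and a zip
traversal pass, each capped at a maximum depth, over constructed inputs.
"""
import base64
import binascii
import io
import re
import zipfile

# Constructed detection rule: an AWS-style access key id.  The sample value
# below (AKIAIOSFODNN7EXAMPLE) is the placeholder key from AWS documentation.
SECRET_RE = re.compile(r"AKIA[0-9A-Z]{16}")
# Loose matcher for base64-looking blobs worth trying to decode.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
SAMPLE = "aws_key = AKIAIOSFODNN7EXAMPLE"  # constructed input


def find_secrets(text, max_decode_depth, depth=0, stats=None):
    """Return the set of secrets in `text`, decoding base64 up to max_decode_depth layers.

    stats["decodes"] counts successful decodes so the effect of the cap is visible.
    """
    stats = {"decodes": 0} if stats is None else stats
    found = set(SECRET_RE.findall(text))
    if depth >= max_decode_depth:
        return found  # cap reached: do not peel another layer
    for blob in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue  # not valid base64, or not text once decoded: skip it
        stats["decodes"] += 1
        found |= find_secrets(decoded, max_decode_depth, depth + 1, stats)
    return found


def scan_blob(data, max_archive_depth, max_decode_depth, depth=0, stats=None):
    """Scan raw bytes; descend into zip archives up to max_archive_depth levels.

    An archive nested deeper than the cap is skipped entirely (this toy's choice).
    """
    stats = {"decodes": 0, "archives": 0} if stats is None else stats
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= max_archive_depth:
            return set()
        stats["archives"] += 1
        found = set()
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                found |= scan_blob(zf.read(member), max_archive_depth,
                                   max_decode_depth, depth + 1, stats)
        return found
    # Leaf file: treat as text and run the decoder pass over it.
    return find_secrets(data.decode("utf-8", errors="ignore"),
                        max_decode_depth, 0, stats)


def nest_base64(text, layers):
    """Wrap `text` in `layers` successive base64 encodings (constructed input)."""
    for _ in range(layers):
        text = base64.b64encode(text.encode()).decode()
    return text


def nest_zip(payload, layers):
    """Wrap `payload` bytes in `layers` nested zip files (constructed input)."""
    name = "secret.txt"
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload = buf.getvalue()
        name = f"layer{i}.zip"
    return payload


if __name__ == "__main__":
    three_deep = nest_base64(SAMPLE, 3)
    print("depth cap 2:", find_secrets(three_deep, 2))   # too shallow, misses it
    print("depth cap 8:", find_secrets(three_deep, 8))   # finds the key
    stats = {"decodes": 0}
    find_secrets(nest_base64(SAMPLE, 20), 8, stats=stats)
    print("decodes spent on a 20-deep blob with cap 8:", stats["decodes"])
    print("zip cap 2:", scan_blob(nest_zip(SAMPLE.encode(), 3), 2, 8))
    print("zip cap 8:", scan_blob(nest_zip(SAMPLE.encode(), 3), 8, 8))
```

The two caps compose: a secret that is base64-encoded three times inside two nested zips needs both `max_archive_depth >= 2` and `max_decode_depth >= 3` to be found, and a deliberately over-nested blob costs at most `max_decode_depth` decode operations, which is the "don't go crazy if something is insanely nested" half of the trade-off.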