The hardcoded secret detection regex is copy-pasted across 9 language rule files with silent divergence — PHP's version drops `auth`, `credential`, and `private_?key` from the pattern.
- Extract the keyword list and regex builder into a shared module (e.g. `src/rules/common.rs`)
- Each language file calls the shared builder, optionally extending with language-specific patterns
- Add a test that asserts all languages match the same base keyword set
The hardcoded secret detection regex is copy-pasted across 9 language rule files with silent divergence — PHP's version drops `auth`, `credential`, and `private_?key` from the pattern.