Revert to changed-files scanning for performance

- Changed scan-scope back to 'changed-files' (only scan PR changes)
- Changed scan-type back to 'filesystem' (current files only)
- Reverted fetch-depth to 100 commits for faster performance
- Optimized for org-wide deployment with fast, targeted scanning

Author: isaiah-grafana

.github/workflows/org-required-trufflehog.yml

@@ -22,8 +22,8 @@ jobs:
     uses: ./.github/workflows/reusable-trufflehog.yml
     with:
       # Optimized settings for org-wide deployment
-      scan-type: "both"              # Comprehensive: scan both filesystem and git history
-      scan-scope: "full-repo"        # Scan entire repository for testing
+      scan-type: "filesystem"        # Fast: current files only
+      scan-scope: "changed-files"    # PR-focused: only scan changes
       fail-on-verified: "true"       # Always fail on real secrets
       fail-on-unverified: "false"    # Lenient for org-wide adoption
       runs-on: "ubuntu-latest"       # Standard runner

.github/workflows/reusable-trufflehog.yml

@@ -50,8 +50,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
-          # Fetch full history for comprehensive secret scanning
-          fetch-depth: 0
+          # Limited history to reduce credential exposure risk
+          # 100 commits covers most recent development for security scanning
+          fetch-depth: 100
           persist-credentials: false
 
       - name: Set TruffleHog version