added git secrets sample code for mac and Linux and updated security.md (#142)

Author: JohnEllwoodBJSS

nhsd-git-secrets/.pre-commit-config.example.yaml

@@ -0,0 +1,8 @@
+repos:
+- repo: local
+  hooks:
+    - id: git-secrets
+      name: Git Secrets
+      description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+      entry: 'nhsd-git-secrets/pre-commit-mac.sh'
+      language: script

nhsd-git-secrets/README-mac-workstation.md

@@ -0,0 +1,57 @@
+# Setup (Mac only)
+
+Ensure you have the pre-commit framework set up first:
+
+https://pre-commit.com/
+
+TL;DR:
+
+* pre-commit --version (to check whether it's installed)
+* brew install pre-commit
+* cd <texasd infra repo root>
+* pre-commit install
+
+Once you have pre-commit installed then:
+
+* cd nhsd-git-secrets
+* cp git-secrets ..
+
+Then if you don't have an existing .pre-commit-config.yaml in the root of your repo:
+
+* cp .pre-commit-config.example.yaml ../.pre-commit-config.yaml
+
+Otherwise integrate the git-secrets example config into your existing file.
+
+Then:
+
+* cd ..
+* pre-commit install
+* git add .pre-commit-config.yaml
+
+Next time you do a commit the git secrets hook should be invoked.
+
+# Custom configuration (per repo / per service team)
+
+* Add individual regex expressions to nhsd-rules.txt
+* Add regex rules files within wrapper.sh e.g.
+
+ `git secrets --add-provider -- cat git-secrets/nhsd-rules.txt`
+
+* Add file/dir excludes within wrapper.sh e.g.
+
+ `git secrets --add --allowed '.*terraform.tfstate.*:*'`
+
+* Control full scan vs staged files scan within wrapper.sh by commenting/uncommenting the mode to run e.g.:
+
+ ```
+ # Just scan the files changed in this commit
+ # git secrets --pre_commit_hook
+
+ # Scan all files within this repo for this commit
+ git secrets --scan
+ ```
+ 
+# Testing-a
+
+* make sure you have done git add if you have changed anything within git-Secrets
+* Run: `pre-commit run git-secrets`

nhsd-git-secrets/full-history-scan.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+ 
+cd ..
+
+export PATH=$PATH:.
+
+# # These only need to be run once per workstation/slave/agent but are included to try and ensure they are present
+./git-secrets --register-aws
+./git-secrets --add-provider -- cat nhsd-git-secrets/nhsd-rules-linux.txt
+./git-secrets --add --allowed '.*git-secrets/.*:*'
+./git-secrets --add --allowed '.*terraform.tfstate.*:*'
+
+# Scan all files within this repo for this commit
+./git-secrets --scan-history