chore: add security-sensitive file patterns to .gitignore

Add patterns to prevent accidental commits of credential files:
- Tomcat/Java config files (context.xml, server.xml, etc.)
- Java keystores and truststores (*.jks, *.jceks, etc.)
- Spring Boot application properties with secrets
- Common credential files (credentials.json, secrets.json, etc.)
- PKCS12 keystores (*.p12, *.pfx)

This helps prevent password leaks in future Java backends that teams
may add to projects using this template.

Author: DerekRoberts

.gitignore

@@ -370,6 +370,34 @@ pyrightconfig.json
 *.pem
 *.pub
 
+# Security-sensitive configuration files (may contain passwords/credentials)
+# Tomcat/Java application server configuration
+**/context.xml
+**/server.xml
+**/tomcat-users.xml
+**/web.xml
+# Java keystores and truststores
+**/*.jks
+**/*.jceks
+**/keystore.*
+**/truststore.*
+# Spring Boot application properties with secrets
+**/application-local.properties
+**/application-prod.properties
+**/application-secrets.properties
+**/application-*.yml
+**/bootstrap-local.yml
+**/bootstrap-prod.yml
+# Other common credential/config files
+**/credentials.json
+**/secrets.json
+**/secrets.yml
+**/secrets.yaml
+**/config.local.*
+**/config.prod.*
+**/*.p12
+**/*.pfx
+
 # IDE
 .codebuddy