Scan deployments for deploy keys/passwords #754
Description
project.clj files are included in deployment jars, and sometimes people put the clojars password/token in the project.clj. We should:
- add a validation that rejects deployments that contain a credential in
project.clj - scan all existing artifacts for any current passwords/tokens and disable the password/token, emailing the user