feat(workflow): add Gitleaks for secret detection

Author: pengqun

.github/workflows/gitleaks.yml

@@ -0,0 +1,25 @@
+# https://github.com/gitleaks/gitleaks?tab=readme-ov-file#github-action
+name: Gitleaks
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 5 * * *" # run once a day at 5 AM
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Only required for Organizations, not personal accounts.

README.md

@@ -164,9 +164,10 @@ This project uses GitHub Actions for automated CI/CD workflows that run on every
 
 ### Automated Checks
 
-- **🔍 [CodeQL Analysis](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/codeql.yml)** - Security vulnerability scanning and code quality analysis
 - **✨ [Lint](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/lint.yml)** - Code formatting, linting, and style checks using pre-commit hooks
-- **🧪 [Test Suite](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/test.yml)** - Comprehensive testing across Python 3.10, 3.11, and 3.12
+- **🧪 [Test](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/test.yml)** - Comprehensive testing across all supported Python versions
+- **🔍 [CodeQL](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/codeql.yml)** - Security vulnerability scanning and code quality analysis
+- **🔒 [Gitleaks](https://github.com/modelscope/modelscope-mcp-server/actions/workflows/gitleaks.yml)** - Detecting secrets like passwords, API keys, and tokens
 
 ### Local Development Checks