Add a predefined push rule to prevent commit of AWS keys/secrets
Description
There have been a number of high-profile security incidents in which AWS secrets were accidentally included in commits pushed to GitHub, subsequently found by miscreants and used to exfiltrate data, spin up instances for mining Bitcoin, and so on. It is universally considered a Bad Thing to store credentials in code, but it happens anyway. It's a hard problem to solve in the general case, but AWS access key IDs (and, to a lesser extent, the corresponding secret access keys) conform to a fixed pattern and should be readily detectable. It would therefore be useful to add a feature to GitLab that rejects any push whose commits appear to include AWS keys or secrets.
Proposal
Add a predefined push rule which checks the content of pushed commits against regexps for AWS keys and secrets, and rejects the push if a match is found. Maybe include a configuration option which optionally only applies the check to certain file types, or excludes file types which may cause false alarms (documentation that quotes example keys, test fixtures, and so on).
Access key IDs are 20 characters: "AKIA" followed by 16 uppercase letters or digits. Should be easy to detect with few false positives. Note that temporary credentials issued by STS use the "ASIA" prefix instead of "AKIA", so the regexp should accept both or it will miss leaked temporary keys.
Secret access keys are 40 characters from the base64 alphabet (letters, digits, "/" and "+"). This is a looser definition and also matches things like hashes and unrelated tokens, so it might cause occasional false positives; checking that a candidate has high entropy, as in the reference below, would cut most of those out.
Links / references
https://databricks.com/blog/2017/05/30/entropy-based-log-redaction-apache-spark-databricks.html has regexps which match keys and secrets.