security: add pre-commit hook for secret leak detection (#384)

.pre-commit-hooks.yaml

@@ -0,0 +1,42 @@
+# Pre-commit hooks configuration for timmy-home
+# See https://pre-commit.com for more information
+
+repos:
+  # Standard pre-commit hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+        exclude: '\.(md|txt)$'
+      - id: end-of-file-fixer
+        exclude: '\.(md|txt)$'
+      - id: check-yaml
+      - id: check-json
+      - id: check-added-large-files
+        args: ['--maxkb=5000']
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: detect-private-key
+
+  # Secret detection - custom local hook
+  - repo: local
+    hooks:
+      - id: detect-secrets
+        name: Detect Secrets
+        description: Scan for API keys, tokens, and other secrets
+        entry: python3 scripts/detect_secrets.py
+        language: python
+        types: [text]
+        exclude: 
+          '(?x)^(
+            .*\.md$|
+            .*\.svg$|
+            .*\.lock$|
+            .*-lock\..*$|
+            \.gitignore$|
+            \.secrets\.baseline$|
+            tests/test_secret_detection\.py$
+          )'
+        pass_filenames: true
+        require_serial: false
+        verbose: true