
fix: distinguish between exact and regex matches #7

Merged: 1 commit, Nov 18, 2024

Conversation

martinohmann
Member

This change proposes to split out the regex matching functionality into a dedicated `matchRegex` rule. The rationale behind this change is that, by having `match` support both exact and regex matching it can lead to very surprising behaviour that is not obvious to the user.

An example: with the presence of regex matching, `match: foo` would match `foo`, but it also would match `foobar` and `barfoo`. This means that it would match more trust anchors than anticipated, and that in turn can be a security issue.

To achieve true exact matching, one would need to use `match: ^foo$`, but that's really verbose and easy to forget.

By making `match` just perform plain exact string matching and have `matchRegex` for use cases that require more complicated matching behaviour via regular expressions the footgun above can be avoided.

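The over-matching described above, and the `match` / `matchRegex` split that fixes it, as an added example in Go. This is illustration code written for this page, not the project's own implementation: the `Rule` type, its `Match` and `MatchRegex` fields, the `Select` and `LegacySelect` helpers and the list of trust anchor names are all assumptions chosen to reproduce the behaviour the PR describes.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule is a hypothetical matcher configuration modelled on the PR text:
// Match is a plain string compared for equality, MatchRegex is a regular
// expression. The type and field names are assumptions, not the project's
// real types. Exactly one of the two fields is expected to be set.
type Rule struct {
	Match      string
	MatchRegex string
}

// legacyMatches reproduces the surprising pre-change behaviour: the value of
// `match` is compiled as an unanchored regular expression, so "foo" also
// matches "foobar" and "barfoo".
func legacyMatches(pattern, name string) (bool, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, err
	}
	return re.MatchString(name), nil
}

// Matches implements the split proposed by the PR: Match compares for string
// equality only; MatchRegex runs a regexp search. A regex the author did not
// anchor is still an unanchored search, which is standard regexp semantics
// and is now an explicit opt-in rather than the default for every rule.
func (r Rule) Matches(name string) (bool, error) {
	switch {
	case r.Match != "" && r.MatchRegex != "":
		return false, fmt.Errorf("rule sets both match and matchRegex")
	case r.Match != "":
		return r.Match == name, nil
	case r.MatchRegex != "":
		re, err := regexp.Compile(r.MatchRegex)
		if err != nil {
			return false, fmt.Errorf("matchRegex: %w", err)
		}
		return re.MatchString(name), nil
	default:
		return false, fmt.Errorf("rule sets neither match nor matchRegex")
	}
}

// Select returns the names from anchors that the rule matches. anchors is
// constructed sample data standing in for a list of trust anchor names.
func Select(r Rule, anchors []string) ([]string, error) {
	var out []string
	for _, a := range anchors {
		ok, err := r.Matches(a)
		if err != nil {
			return nil, err
		}
		if ok {
			out = append(out, a)
		}
	}
	return out, nil
}

// LegacySelect performs the same selection with the old regex-for-everything
// behaviour, kept only to show the over-matching the PR removes.
func LegacySelect(pattern string, anchors []string) ([]string, error) {
	var out []string
	for _, a := range anchors {
		ok, err := legacyMatches(pattern, a)
		if err != nil {
			return nil, err
		}
		if ok {
			out = append(out, a)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample trust anchor names.
	anchors := []string{"foo", "foobar", "barfoo", "baz"}

	old, _ := LegacySelect("foo", anchors)
	fmt.Println("legacy match: foo ->", old) // [foo foobar barfoo]

	exact, _ := Select(Rule{Match: "foo"}, anchors)
	fmt.Println("match: foo        ->", exact) // [foo]

	re, _ := Select(Rule{MatchRegex: "^foo"}, anchors)
	fmt.Println("matchRegex: ^foo  ->", re) // [foo foobar]
}
```

`LegacySelect("foo", ...)` selects three anchors where the author almost certainly meant one; `Rule{Match: "foo"}` selects exactly one without anyone having to remember `^foo$`. The `Matches` method also rejects a rule that sets both fields or neither, so a misconfigured rule fails loudly instead of silently matching nothing or everything.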
@martinohmann martinohmann marked this pull request as ready for review November 15, 2024 14:48
@martinohmann martinohmann requested a review from a team as a code owner November 15, 2024 14:48
Contributor

🦙 MegaLinter status: ✅ SUCCESS

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 2 | | 0 | 0.03s |
| ✅ DOCKERFILE | hadolint | 1 | | 0 | 0.09s |
| ✅ GO | golangci-lint | yes | | no | 21.21s |
| ✅ GO | revive | 3 | | 0 | 13.13s |
| ✅ JSON | jsonlint | 1 | | 0 | 0.58s |
| ✅ JSON | prettier | 1 | | 0 | 2.24s |
| ✅ JSON | v8r | 1 | | 0 | 1.97s |
| ✅ MARKDOWN | markdownlint | 2 | | 0 | 1.55s |
| ✅ MARKDOWN | markdown-link-check | 2 | | 0 | 2.04s |
| ✅ MARKDOWN | markdown-table-formatter | 2 | | 0 | 0.54s |
| ✅ REPOSITORY | checkov | yes | | no | 12.22s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.15s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.02s |
| ✅ REPOSITORY | grype | yes | | no | 17.63s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.66s |
| ✅ REPOSITORY | trivy | yes | | no | 8.22s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.51s |
| ✅ REPOSITORY | trufflehog | yes | | no | 3.81s |
| ✅ YAML | prettier | 7 | | 0 | 0.99s |
| ✅ YAML | v8r | 7 | | 0 | 10.02s |
| ✅ YAML | yamllint | 7 | | 0 | 1.62s |

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@martinohmann martinohmann merged commit 291d8a8 into main Nov 18, 2024
2 checks passed
@martinohmann martinohmann deleted the mohmann/match-exact-regex branch November 18, 2024 11:44