Add pre-commit hook

[AgatheZ]

This pull request introduces a pre-commit hook script that helps prevent accidental commits of sensitive data into the repository. The script scans for a set of forbidden patterns, which currently includes:

• Names (as capitalized words)
• Postcodes
• Patient IDs
• UK phone numbers
• Precise Dates/DOB (as dd/mm/yyyy hh:mm:ss)
• NHS numbers

I detailed the setup of this hook in the README, there is a file with exceptions that the developer can populate. This script has several limitations/assumptions, the main one being that it is impossible to define a regex that only captures names. There will therefore be several false positives that can be ignored.

A screenshot of an example output:

@hshuaib90 I put you as a reviewer since you initiated the idea, I'm also sure you'll have suggestion to improve them!

EDIT: A few updates:

I have removed the Name regex after reaching the conclusion it would catch too many false positives.

[AgatheZ]

@GSTT-CSC/core It would be good to have anyone's feedback on it!

[hshuaib90]

Thanks @AgatheZ , can you explain the role of .sensitive_exceptions?

[AgatheZ]

@hshuaib90 .sensitive_exceptions is a file you can populate to define exceptions, for instance if you want to include your name in all of your scripts, or if it catches instances it shouldn't have, without ignoring entire files.

[hshuaib90]

In that case I suggest you commit an empty file or some default value and then in the documentation explain that you can use this file for exception but that it probably shouldn't be committed itself.

[AgatheZ]

@hshuaib90 sorry for the delay.

A few updates:

• I have removed the Name regex after reaching the conclusion it would catch too many false positives.
• I updated the address (post code) and patient id regex to make them more robust.
• I updated my comments about the exception files in the README