IBM / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.
Apache License 2.0

Improve logging for unscannable files #121

Closed victoria-miltcheva closed 1 year ago

victoria-miltcheva commented 1 year ago

What does this PR do?

.git/objects/66/b913f4ee901e5f883d02edb53d52437d4144d6 failed to load, and could not be scanned, because the file is not valid UTF-8. If possible, convert this file to valid UTF-8 for it to be scanned. You can suppress this warning with the --suppress-unscannable-file-warnings option. Continuing scan...

- When a file is binary, detect-secrets will no longer log a warning since it does not support binary files
- Adds the following argument to the scan subcommand and pre-commit hook:

--suppress-unscannable-file-warnings Suppress warnings that occur when one or more files cannot be scanned.

- Adds the following argument to the pre-commit hook only:

--fail-on-file-unscannable Fail if one or more files could not be scanned. Note that binary files will be skipped by this check.


- Adds the `SUPPRESS_UNSCANNABLE_FILE_WARNINGS` env var to the Red Hat UBI custom Docker image's entrypoint script
- In builds, pre-commit is only run for Python 3.8.1 or above. This is because https://pypi.org/project/flake8/ requires Python>=3.8.1. It will not be installable in the Python 3.7 build.
- Bumps the detect-secrets version
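The three outcomes the PR description distinguishes (binary files skipped silently, non-UTF-8 text files reported as unscannable unless `--suppress-unscannable-file-warnings` is set, and `--fail-on-file-unscannable` turning those into a non-zero hook exit) can be modelled in a few functions. The block below is an added example, not code from the detect-secrets project or this PR; the NUL-byte heuristic for "binary", the `classify`/`scan_files`/`hook_exit_code`/`env_flag` names and the constructed sample files are all assumptions made for the illustration.

```python
# Added example, not detect-secrets' own code. It reproduces the behaviour the PR
# describes: binary files are skipped without a warning, non-UTF-8 text files are
# reported as unscannable (unless suppressed), and the pre-commit hook can be told
# to fail when any file could not be scanned.
import os
import tempfile
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Wording taken from the PR description's example log line.
WARNING = (
    "{path} failed to load, and could not be scanned, because the file is not valid "
    "UTF-8. If possible, convert this file to valid UTF-8 for it to be scanned. "
    "You can suppress this warning with the --suppress-unscannable-file-warnings "
    "option. Continuing scan..."
)


def is_binary(data: bytes) -> bool:
    # Heuristic assumed for this example (not the project's own check): a NUL byte
    # in the first 8 KiB marks the file as binary, the same rule git uses for diffs.
    return b"\x00" in data[:8192]


def classify(data: bytes) -> str:
    """Return 'binary', 'not_utf8' or 'text' for raw file contents."""
    if is_binary(data):
        return "binary"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return "not_utf8"
    return "text"


@dataclass
class ScanResult:
    scanned: List[str] = field(default_factory=list)         # handed to the plugins
    skipped_binary: List[str] = field(default_factory=list)  # skipped, no warning
    unscannable: List[str] = field(default_factory=list)     # non-UTF-8 text files
    warnings: List[str] = field(default_factory=list)        # emitted unless suppressed


def scan_files(paths: List[str], suppress_unscannable_file_warnings: bool = False) -> ScanResult:
    result = ScanResult()
    for path in paths:
        with open(path, "rb") as fh:
            kind = classify(fh.read())
        if kind == "binary":
            result.skipped_binary.append(path)  # unsupported, so no warning is logged
        elif kind == "not_utf8":
            result.unscannable.append(path)
            if not suppress_unscannable_file_warnings:
                result.warnings.append(WARNING.format(path=path))
        else:
            result.scanned.append(path)
    return result


def hook_exit_code(result: ScanResult, fail_on_file_unscannable: bool = False) -> int:
    # Binary files never trip this check; only non-UTF-8 text files count.
    if fail_on_file_unscannable and result.unscannable:
        return 1
    return 0


def env_flag(value: Optional[str], default: bool = False) -> bool:
    # The Docker entrypoint receives SUPPRESS_UNSCANNABLE_FILE_WARNINGS=True/False;
    # parse that into a boolean, falling back to the default for unset or odd values.
    if value is None:
        return default
    return value.strip().lower() in ("true", "1", "yes")


def demo() -> Dict[str, object]:
    """Constructed inputs: one UTF-8 file, one Latin-1 file, one binary blob."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "good.py": "password = 'hunter2'\n".encode("utf-8"),
            "bad-file-1.json": b'{"name": "caf\xe9"}\n',        # Latin-1 e-acute: invalid UTF-8
            "blob.bin": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",  # PNG-like header with NUL bytes
        }
        paths = []
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        loud = scan_files(paths)
        quiet = scan_files(paths, suppress_unscannable_file_warnings=env_flag("True"))
        return {
            "warnings_default": len(loud.warnings),
            "warnings_suppressed": len(quiet.warnings),
            "unscannable": [os.path.basename(p) for p in loud.unscannable],
            "skipped_binary": [os.path.basename(p) for p in loud.skipped_binary],
            "exit_default": hook_exit_code(loud),
            "exit_fail_on_unscannable": hook_exit_code(loud, fail_on_file_unscannable=True),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `hook_exit_code` only looks at `unscannable`, so a repository full of images or compiled artifacts still passes `--fail-on-file-unscannable`; only text that the scanner genuinely could not decode fails the hook, which matches the PR's "binary files will be skipped by this check".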
victoria-miltcheva commented 1 year ago

Ah, the Python 3.7 pre-commit hook is failing because flake8 requires Python 3.8 or above: https://pypi.org/project/flake8/

victoria-miltcheva commented 1 year ago

I've added the --suppress-unscannable-file-warnings option to the custom Red Hat UBI script.

Result when SUPPRESS_UNSCANNABLE_FILE_WARNINGS is False:

➜  detect-secrets git:(improve-logging-for-unscannable-files) ✗ docker run  --env BASELINE=.secrets.baseline  --env SUPPRESS_UNSCANNABLE_FILE_WARNINGS=False -it -a stdout --rm -v $(pwd):/code git-defenders/detect-secrets:redhat-ubi-custom
[ Starting Detect Secrets run ]

...using baseline: .secrets.baseline
...skip scan with baseline update: false
...suppress unscannable file warnings: false
...output json: false
...omit instructions: false
...fail on live: true
...fail on unaudited: true
...fail on audited real: true

Scanning code directory (docker volume mounted to /code) and updating baseline file .secrets.baseline... 
bad-file-1.json failed to load, and could not be scanned, because the file is not valid UTF-8.
If possible, convert this file to valid UTF-8 for it to be scanned.
Continuing scan...

bad-file-2.json failed to load, and could not be scanned, because the file is not valid UTF-8.
If possible, convert this file to valid UTF-8 for it to be scanned.
Continuing scan...

Running report: Baseline .secrets.baseline - Options:  --fail-on-live --fail-on-unaudited --fail-on-audited-real

19 potential secrets in .secrets.baseline were reviewed. All checks have passed.

        - No unaudited secrets were found

        - No live secrets were found

        - No secrets that were audited as real were found

[ Ending Detect Secrets - run succeeded ]

Result when SUPPRESS_UNSCANNABLE_FILE_WARNINGS is True:

➜  detect-secrets git:(improve-logging-for-unscannable-files) ✗ docker run  --env BASELINE=.secrets.baseline  --env SUPPRESS_UNSCANNABLE_FILE_WARNINGS=True -it -a stdout --rm -v $(pwd):/code git-defenders/detect-secrets:redhat-ubi-custom
[ Starting Detect Secrets run ]

...using baseline: .secrets.baseline
...skip scan with baseline update: false
...suppress unscannable file warnings: true
...output json: false
...omit instructions: false
...fail on live: true
...fail on unaudited: true
...fail on audited real: true

Scanning code directory (docker volume mounted to /code) and updating baseline file .secrets.baseline... 

Running report: Baseline .secrets.baseline - Options:  --fail-on-live --fail-on-unaudited --fail-on-audited-real

19 potential secrets in .secrets.baseline were reviewed. All checks have passed.

        - No unaudited secrets were found

        - No live secrets were found

        - No secrets that were audited as real were found

[ Ending Detect Secrets - run succeeded ]