
security: add credential patterns to .gitignore + SECURITY.md #5521

Open
k4w1992-lgtm wants to merge 1 commit into google:main from k4w1992-lgtm:main

Conversation

@k4w1992-lgtm

Summary

This PR adds security hardening to prevent future credential leaks, following the discovery of a hardcoded OAuth token in the repository (Google OSS VRP Issue #504158909).

Changes

  • .gitignore: Added common credential file patterns (*.pem, *.key, .env, credentials.json, etc.)
  • SECURITY.md: New security policy with credential handling guidance and pre-commit check instructions

Why

A Google OAuth access token was previously committed to this repository. While it has since been redacted, this PR prevents similar incidents by:

  1. Blocking credential files from being accidentally committed
  2. Providing clear guidance on how to handle credentials
  3. Documenting the pre-commit secret scanning workflow

Related
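The two mechanisms the PR description refers to, blocking credential files by path and a pre-commit secret check, as an added example that is not part of this PR or of the project: a POSIX sh pre-commit hook. The path patterns are an assumption modelled on the kinds the PR lists (*.pem, *.key, .env, credentials.json), not the PR's actual .gitignore entries; the content check looks for the documented public prefixes of Google OAuth access tokens (ya29.) and Google API keys (AIza) and for PEM private-key headers. Function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the PR or the project. Install as
# .git/hooks/pre-commit (executable). It refuses a commit when a staged
# path looks like a credential file or when an added line contains a
# token-like string. Patterns below are assumptions, not the PR's list.

# Returns 0 when the path's basename looks like a credential file, 1 otherwise.
is_credential_path() {
  case "$(basename -- "$1")" in
    *.pem|*.key|*.p12|*.pfx|.env|.env.*|credentials.json|service-account*.json|id_rsa|id_ed25519|id_ecdsa)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Returns 0 when a line contains a token-like string, 1 otherwise.
# ya29. prefixes Google OAuth access tokens, AIza prefixes Google API keys,
# and the BEGIN line marks a PEM-encoded private key.
is_token_like() {
  printf '%s\n' "$1" | grep -Eq \
    -e 'ya29\.[0-9A-Za-z_-]{20,}' \
    -e 'AIza[0-9A-Za-z_-]{35}' \
    -e '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----'
}

# Reads newline-separated paths on stdin; reports each credential-like one
# on stderr and returns 1 if any were found, 0 otherwise.
check_paths() {
  path_rc=0
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    if is_credential_path "$path"; then
      printf 'pre-commit: refusing credential-like file: %s\n' "$path" >&2
      path_rc=1
    fi
  done
  return "$path_rc"
}

# Reads unified-diff text on stdin and inspects only added lines ('+' prefix,
# skipping the '+++' file header); returns 1 if any is token-like.
# The offending value is deliberately not echoed back, only counted.
check_added_lines() {
  line_rc=0
  hits=0
  while IFS= read -r line; do
    case "$line" in
      +++*) continue ;;
      +*) ;;
      *) continue ;;
    esac
    if is_token_like "${line#+}"; then
      hits=$((hits + 1))
      line_rc=1
    fi
  done
  [ "$hits" -eq 0 ] || printf 'pre-commit: %s token-like line(s) in staged content\n' "$hits" >&2
  return "$line_rc"
}

# Hook entry point: check staged paths, then staged added lines.
# --diff-filter=ACMR limits the check to added/copied/modified/renamed files.
run_hook() {
  hook_rc=0
  git diff --cached --name-only --diff-filter=ACMR | check_paths || hook_rc=1
  git diff --cached -U0 --diff-filter=ACMR | check_added_lines || hook_rc=1
  return "$hook_rc"
}

# Only run the checks when git invokes the file as the pre-commit hook;
# under any other name (e.g. when sourced for testing) just define functions.
case "$(basename -- "$0")" in
  pre-commit) run_hook ;;
esac
```

The path check mirrors what a .gitignore entry prevents but is enforced at commit time, so a `git add -f` or a pattern gap is still caught; the content check catches a token pasted into an otherwise ordinary file, which .gitignore cannot do. Both functions read stdin, so they can be exercised on constructed input without a repository.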

@google-cla

google-cla Bot commented Apr 28, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

adk-bot added the label "tools [Component] This issue is related to tools" on Apr 28, 2026

adk-bot (Collaborator) commented Apr 28, 2026

Response from ADK Triaging Agent

Hello @k4w1992-lgtm, thank you for your contribution!

To help us review your PR, could you please add a testing plan section to your PR description explaining how you've tested these changes?

Additionally, it looks like the Contributor License Agreement (CLA) check has failed. Please ensure you have signed the CLA, which is a requirement for us to accept your contribution. You can find more information in the "Details" link of the cla/google check at the bottom of the pull request.

Thank you!

k4w1992-lgtm (Author) commented

I have signed the CLA

- Adds common credential file patterns to .gitignore
  (*.pem, *.key, .env, credentials.json, etc.)
- Adds SECURITY.md with credential handling guidance
  and pre-commit check instructions

Refs: Google OSS VRP Issue #504158909
Closes: google#5520
Reported-by: k4w_wak (k4w1992@gmail.com)