Add comprehensive .gitignore patterns for private keys and credentials#40

Open
Copilot wants to merge 10 commits into master from copilot/add-gitignore-for-privkeys

Copilot AI commented Feb 10, 2026

Existing .gitignore had incomplete coverage for private keys and credentials, with incorrect SSH key patterns (*.id_rsa never matches id_rsa).

Changes

Fixed Patterns

  • SSH keys: *.id_rsa → id_rsa, id_ed25519, id_ecdsa (glob was fundamentally broken)
  • Public keys now committable: SSH .pub files, pubring.gpg, public .asc signatures

Added Patterns (70+ new entries)

  • SSH/GPG: Hardware security keys (id_*_sk), GPG private keyrings, secret-only ASC files
  • Cloud: AWS/GCP/Azure credential directories with recursive matching (**/.aws/, **/.gcp/, **/.azure/, **/gcloud/)
  • PKI: PKCS8/PKCS12/SPKI formats, CA bundles, serial files, Apple provisioning profiles
  • Tokens: JWT, bearer, OAuth, access/refresh/API tokens with specific patterns to avoid false positives (e.g., access-token.* not *-token.*)
  • Blockchain: Mnemonics, seed phrases (specific: seed.key, seed.txt, not seed.* which catches seed.sql), wallet files, keystore directories, deployer/signer keys
  • Keystores: Java (.jks), Android (debug.keystore, release.keystore)

Pattern Refinements

  • Specific over broad: **/accounts/*-private*.json not **/accounts/*.json
  • Extension required: privkey.* not privkey* (avoids directory matches)
  • Consolidated: keystore*/ covers both keystore/ and keystores/
  • Removed redundancies: .aws/ already covers .aws/credentials and .aws/config

Example of pattern specificity:

# Ignores sensitive files
seed.key, seed.txt, seed.phrase
eth-private*.key, private-key*.json
access-token.*, bearer-token*

# Allows legitimate files
seed.sql, seed.ts, seed.json
eth-config.json
user-token.json, session-token.txt

Copilot AI and others added 9 commits February 10, 2026 20:59
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot AI changed the title [WIP] Add comprehensive .gitignore for private keys Add comprehensive .gitignore patterns for private keys and credentials Feb 10, 2026
@Kushmanmb Yaketh (Kushmanmb) marked this pull request as ready for review February 10, 2026 21:26
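
One way to check the pattern behaviour described in the pull request, as an added example that is not part of the PR or the repository: the script evaluates patterns quoted in the description with `git check-ignore` in a throwaway repository. The helper names `is_ignored`, `show` and `run_demo`, and sample paths such as `privkey-tools/README.md`, are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the PR): evaluate .gitignore patterns with
# `git check-ignore` in a throwaway repository. Paths are constructed samples.

# is_ignored PATTERNS PATH: exit 0 if ignored, 1 if not, >1 on error.
is_ignored() {
    repo=$(mktemp -d) || return 2
    git init -q "$repo" 2>/dev/null || { rm -rf "$repo"; return 2; }
    printf '%s\n' "$1" > "$repo/.gitignore"
    # Parent directories are created; the file itself need not exist.
    mkdir -p "$repo/$(dirname "$2")"
    # core.excludesFile=/dev/null keeps the user's global ignore file out of it.
    git -c core.excludesFile=/dev/null -C "$repo" check-ignore -q -- "$2"
    rc=$?
    rm -rf "$repo"
    return "$rc"
}

# show PATTERNS PATH...: print one verdict line per path.
show() {
    patterns=$1; shift
    for p in "$@"; do
        st=0; is_ignored "$patterns" "$p" || st=$?
        case $st in 0) v=ignored ;; 1) v='NOT ignored' ;; *) v=error ;; esac
        printf '%-22s %-26s %s\n' "$(printf '%s' "$patterns" | tr '\n' ' ')" "$p" "$v"
    done
}

run_demo() {
    show '*.id_rsa' id_rsa .ssh/id_rsa            # the broken glob
    show 'id_rsa
id_ed25519' id_rsa .ssh/id_ed25519 id_rsa.pub    # exact names, .pub stays committable
    show 'seed.*' seed.key seed.sql               # broad: also hides seed.sql
    show 'seed.key
seed.txt' seed.key seed.sql                       # specific
    show 'privkey*' privkey.pem privkey-tools/README.md   # also matches a directory
    show 'privkey.*' privkey.pem privkey-tools/README.md
}

run_demo
```

On a real checkout, `git check-ignore -v <path>` additionally prints the file and line of the rule that matched.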