regexTarget = 'line' issues with encoded values #1782

@bplaxco

Describe the bug

If the regex target for an allowlist item is line and the item is encoded, you cannot allow based on the decoded content of the line.

To Reproduce

  • Configure gitleaks to use this rule
  • Then scan this file and make sure the max decode depth is set to >= 1 (I did 8 out of habit when I tested it)

Expected behavior

That should not trigger a result because of the X-Amz-Signature item in the allowlist.

Basic Info (please complete the following information):

  • OS: Fedora 41
  • Gitleaks Version: 8.21.2

Additional context

I think the contents of finding.Line should stay the original data for the sake of having some reference to what was in the original file. Suggested fix would be to just tweak the *AllowlistTarget variables to reference currentRaw.

I might be able to send a fix your way, but just wanted to log this to track it and reference it ^_^

cc @zricethezav
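
A simplified model of the behaviour reported above, added here as an example and not gitleaks code: the same allowlist regex is checked against the original line and against a decoded copy of it. The function names, the base64-only decode step and the sample line are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// allowRe stands in for the X-Amz-Signature allowlist item named in the report.
var allowRe = regexp.MustCompile(`X-Amz-Signature`)

// b64Re finds candidate base64 runs (simplified pattern, an assumption of this sketch).
var b64Re = regexp.MustCompile(`[A-Za-z0-9+/]{16,}={0,2}`)

// decodeLine replaces each valid base64 run in line with its decoded text.
// It is a single-pass stand-in for a scanner's decode step (depth 1).
func decodeLine(line string) string {
	return b64Re.ReplaceAllStringFunc(line, func(m string) string {
		dec, err := base64.StdEncoding.DecodeString(m)
		if err != nil {
			return m // not valid base64: keep the original text
		}
		return string(dec)
	})
}

// allowed reports whether the allowlist regex matches the chosen target text.
func allowed(target string) bool { return allowRe.MatchString(target) }

// sampleLine builds a constructed line whose only signed-URL content is encoded.
func sampleLine() string {
	url := "https://example.invalid/obj?X-Amz-Signature=0000000000000000"
	return "payload: " + base64.StdEncoding.EncodeToString([]byte(url))
}

func main() {
	orig := sampleLine()       // kept unchanged for reporting
	decoded := decodeLine(orig) // what the allowlist would need to see
	fmt.Println("original line:", orig)
	fmt.Println("allowlist matches original line:", allowed(orig))
	fmt.Println("allowlist matches decoded line: ", allowed(decoded))
}
```

The original line stays available for the report while the allowlist decision is made on the decoded text, which is the split the issue asks for.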
