This PR adds support for the Makefile variable pattern $(VARIABLE) in the @secretlint/secretlint-rule-database-connection-string rule to improve compatibility with Make-based projects.

Problem

The database-connection-string rule was flagging legitimate Makefile variables as secrets. For example, this common Makefile pattern would trigger false positives:

DB_URL = postgres://$(PGUSER):$(PGPASSWORD)@$(PGHOST)/$(PGDATABASE)

The isVariableLikeString function only supported these variable patterns:

• ${var} - shell/bash variables
• {{var}} - template variables like handlebars
• {var} - generic template variables
• %VAR% - Windows environment variables
• $VAR - simple shell variables

Solution

Added the regex pattern /\$\([^)]{1,50}\)/ to the variablePatterns array in isVariableLikeString function to recognize Makefile variable syntax $(VAR).

The pattern:

• Matches $( at the start
• Captures 1-50 characters that are not )
• Matches ) at the end
• Maintains the same length limits as other patterns to prevent ReDoS attacks

Testing

Added comprehensive test cases showing that database connection strings with Makefile variables are properly ignored while real credentials are still detected:

# These are now properly ignored (no false positives)
DB_URL = postgres://$(PGUSER):$(PGPASSWORD)@$(PGHOST)/$(PGDATABASE)
MYSQL_URL = mysql://$(DB_USER):$(DB_PASS)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)

# These are still detected as secrets (functionality preserved)
REAL_DB = postgres://admin:myRealPassword123@localhost:5432/production

All existing tests continue to pass, ensuring no regression in functionality.

Fixes #1190.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.