update gitallowed for secret scanning

Author: wildjames

.gitallowed

@@ -1,5 +1,29 @@
-./pom.xml
-./src/test
-./.github/workflows
-./.tool-versions
-./nhsd-rules-deny.txt
+# Allow GitHub workflow secrets and tokens
+token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
+id-token: write
+--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
+--token=\$GITHUB-TOKEN
+
+# Allow CIDR blocks in CloudFormation templates and related files
+CidrBlock: "10\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}"
+DestinationCidrBlock: "0\.0\.0\.0/0"
+
+# Java corretto is not a secret
+.*java corretto.*
+
+# Allow standard code in JSON files for FHIR compliance testing
+"code": "1\.2\.840\.10065\.1\.12\.1\.1"
+
+# Allow IP in X-Forwarded-For header in test files
+.*\"X-Forwarded-For\": \"86\.5\.218\.71\".*
+
+# Allow version for AspectJ in pom.xml
+<aspectj\.version>1\.9\.22\.1</aspectj\.version>
+
+# General ones
+.*\.gitallowed.*
+.*nhsd-rules-deny.txt.*
+.*\.venv.*
+.*node_modules.*