Add "category" metadata to each rule

[bradlarsen]

Currently, Nosey Parker rules are just a bag of rules, undifferentiated from each other in terms of severity or the kind of thing they detect.

As noted by @CameronLonsdale in #52 (comment):

Another useful category would be whether the finding is for a "secret" like an API key, or something more informational like an s3 bucket name (https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/aws.yml#L120-L121)

This is related to #51: if we had useful metadata attached to each rule, we could use that for filtering.

I propose adding a category field to each rule. This field will have a list of values of notable types. I'm not quite sure what the taxonomy should be, but some ideas:

• secret: indicating that the rule detects things that are in fact secrets (e.g., GitHub Personal Access Token). These are the most severe, as they can give an attacker nearly immediate access to additional resources.
• identifier: indicating that the rule detects things that are not secrets but could be used by an attacker to enumerate additional resources (e.g., AWS API Key, S3 buckets).
• hashed, encrypted: indicating that the rule detects things that are hashed or encrypted payloads (e.g., bcrypt hashes). Things like password hashes probably shouldn't be leaked, as an attacker could use them to brute force credentials.
• test: indicating that the rule detects things that are explicitly used for test deployments (e.g., stripe test keys)
• api: indicating that the rule detects things that are API tokens