fix: scan `.git/config` for secrets

## Description
Trivy currently skips `**/.git` for efficiency.
https://github.com/aquasecurity/trivy/blob/88702cfd5918b093defc5b5580f7cbf16f5f2417/pkg/fanal/walker/walk.go#L18

However, `.git/config` could sometimes include credentials (see https://github.com/aquasecurity/trivy/pull/5180#discussion_r1601445169). These directories shouldn't be skipped.