feat(lab3): SSH signing + gitleaks pre-commit + history rewrite practice

[AskoRBINKAs]

Goal

Complete Lab 3: SSH commit signing, gitleaks pre-commit scanning, and bonus history rewrite practice.

Changes

• Added .pre-commit-config.yaml with gitleaks, detect-private-key, and check-added-large-files.
• Updated submissions/lab3.md with SSH signing evidence, STRIDE-R reflection, gitleaks blocked-commit output, tune-out exercise, and bonus git filter-repo results.

Testing

pre-commit install
pre-commit run --all-files
git commit -m "test: should be blocked by gitleaks"
python -m git_filter_repo --force --replace-text /tmp/replace.txt
git log -p | grep -c 'ghp_'
git log -p | grep -c 'REDACTED'

Observed output:

pre-commit installed at .git/hooks/pre-commit

gitleaks blocked the fake GH PAT in submissions/leak-attempt.txt:
RuleID: github-pat
Finding: GH_PAT=REDACTED

Bonus rewrite verification:
before ghp_ count: 2
after ghp_ count: 0
after REDACTED count: 2

Artifacts & Screenshots

• submissions/lab3.md
• .pre-commit-config.yaml
• Verified badge commit link: AskoRBINKAs@ea0bfeb

---

Checklist

• Title is clear (feat(labN): <topic> style)
• No secrets/large temp files committed
• Submission file at submissions/labN.md exists
• Task 1 — SSH signing configured + Verified badge on commit
• Task 2 — .pre-commit-config.yaml + gitleaks demonstrably blocking
• Bonus — filter-repo rewrite practice documented