
feat(authx): SOPS integration #5841

Open · wants to merge 4 commits into base: dev

Conversation

@dwisiswant0 dwisiswant0 commented Nov 20, 2024

Proposed changes

Close #5840

Note

github.com/getsops/sops/v3 requires go >= 1.22.

How has this been tested?

1. Build

gh pr checkout 5841
make build

2. Test

$ gpg --import pkg/authprovider/authx/testData/private.asc
$ go test -v -race -run ^TestSecretsUnmarshal$ github.com/projectdiscovery/nuclei/v3/pkg/authprovider/authx
=== RUN   TestSecretsUnmarshal
=== RUN   TestSecretsUnmarshal/encrypted
--- PASS: TestSecretsUnmarshal (0.02s)
    --- PASS: TestSecretsUnmarshal/encrypted (0.01s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/authprovider/authx	1.191s

3. Proof

With encrypted values:

$ ./bin/nuclei -secret-file pkg/authprovider/authx/testData/example-auth.enc.yaml -t test.yaml -u http://scanme.sh -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.6

		projectdiscovery.io

[INF] Current nuclei version: v3.3.6 (latest)
[INF] Current nuclei-templates version: v10.0.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 74
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [test] Dumped HTTP request for http://scanme.sh/

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/********* Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Authorization: Basic dGVzdDp0ZXN0
Cookie: PHPSESSID=1a2b3c4d5e6f7g8h9i0j
Accept-Encoding: gzip

[INF] No results found. Better luck next time!

Regular secret file (non-encrypted):

$ ./bin/nuclei -secret-file pkg/authprovider/authx/testData/example-auth.yaml -t test.yaml -u http://scanme.sh -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.6

		projectdiscovery.io

[INF] Current nuclei version: v3.3.6 (latest)
[INF] Current nuclei-templates version: v10.0.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 74
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [test] Dumped HTTP request for http://scanme.sh/

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0
Connection: close
Accept: */*
Accept-Language: en
Authorization: Basic dGVzdDp0ZXN0
Cookie: PHPSESSID=1a2b3c4d5e6f7g8h9i0j
Accept-Encoding: gzip

[INF] No results found. Better luck next time!

4. Cleanup

gpg --delete-secret-keys C6C11FC4DA74DC979109CBD48EB7405A1F8D1930
gpg --delete-key C6C11FC4DA74DC979109CBD48EB7405A1F8D1930

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
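A guard for the encrypted secrets file checked into testData, added here as an example and not code from this PR or from nuclei: before such a file is committed, it verifies that the SOPS metadata block (with its MAC) is present and that every remaining leaf is in SOPS's ENC[AES256_GCM,...] form, so a value edited back into plaintext is caught. It assumes a JSON-formatted secrets file (the page's YAML would need a third-party parser; SOPS writes the same ENC[...] leaves to either format), the default SOPS policy of encrypting every leaf (files using unencrypted_suffix or encrypted_regex would be flagged), and a constructed sample whose keys are illustrative.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// SOPS rewrites every leaf it protects as ENC[AES256_GCM,data:..,iv:..,tag:..,type:..].
var encLeaf = regexp.MustCompile(
	`^ENC\[AES256_GCM,data:[^,\]]+,iv:[^,\]]+,tag:[^,\]]+,type:(str|int|float|bool|comment)\]$`)

// Check requires the top-level "sops" block with its MAC and returns paths of leaves still readable.
func Check(doc []byte) ([]string, error) {
	var root map[string]any
	if err := json.Unmarshal(doc, &root); err != nil {
		return nil, fmt.Errorf("parse secrets file: %w", err)
	}
	meta, ok := root["sops"].(map[string]any)
	if !ok || meta["mac"] == nil {
		return nil, fmt.Errorf("no sops metadata/MAC: file is not SOPS-encrypted")
	}
	delete(root, "sops") // metadata is unencrypted by design; do not flag it
	return readable("$", root, nil), nil
}

// readable walks the document and collects paths of leaves not in ENC[...] form.
func readable(path string, v any, acc []string) []string {
	switch t := v.(type) {
	case map[string]any:
		for k, child := range t {
			acc = readable(path+"."+k, child, acc)
		}
	case []any:
		for i, child := range t {
			acc = readable(fmt.Sprintf("%s[%d]", path, i), child, acc)
		}
	default: // scalar leaf; SOPS turns numbers/bools into ENC[...] strings as well
		if s, ok := t.(string); !ok || !encLeaf.MatchString(s) {
			acc = append(acc, path)
		}
	}
	return acc
}

// Sample is constructed (keys illustrative) like a secrets file after `sops -e`, with one plaintext password planted.
var Sample = []byte(`{"static":[{"type":"ENC[AES256_GCM,data:a,iv:b,tag:c,type:str]",
 "username":"ENC[AES256_GCM,data:a,iv:b,tag:c,type:str]","password":"hunter2"}],
 "sops":{"mac":"ENC[AES256_GCM,data:m,iv:n,tag:o,type:str]","version":"3.9.1"}}`)
```

Check(Sample) reports the single readable leaf at $.static[0].password; a file with no sops block at all is rejected outright, which also stops an unencrypted example-auth.yaml from being committed under the .enc.yaml name by mistake.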


@tarunKoyalwar tarunKoyalwar left a comment


LGTM!

Suggesting minor changes:

  • fix GH workflows (probably because we need to bump the Go version in workflows)
  • update version in Dockerfile and docs
  • add documentation related to the entire lifecycle (creating secrets file -> encrypting it -> passing it to nuclei) [update at docs.projectdiscovery.io]
  • (optional) remove JSON support from secrets file (while there is no real reason behind not supporting it, it's just that we have stuck to using YAML and we haven't seen a requirement from users about requiring JSON)


dwisiswant0 commented Nov 21, 2024

  • fix GH workflows (probably because we need to bump the Go version in workflows)

nah, this is likely because we’re using a deprecated package (ast.Package). On the workflow side, nothing needs to be changed since it automatically follows the go.mod version. This package is used in bindgen. Can you help handle this?

@dwisiswant0 force-pushed the dwisiswant0/feat/authx/sops-integration branch from e5bf3ff to 5e2d140 on November 21, 2024 17:10

@dogancanbakir dogancanbakir left a comment


LGTM - a follow-up ticket is needed in pd/docs to add examples for other supported methods like AWS KMS, Azure Key Vault, HashiCorp Vault, and so on.

Linked issue: [FEATURE] Integrate Secret File with SOPS