feat(scanner): support exclude patterns in opk.config.json

[NhanAZ]

What changed

Added support for an exclude array in opk.config.json to ignore specific files or directories from being scanned.

Why

Users frequently need to exclude certain paths from policy checks, such as generated directories, third-party code copied into the repo, or specific test files that intentionally contain rule violations.

How it works

The exclude array accepts a list of regular expression strings. For example:

{
  "exclude": [
    ".*ignored.*",
    "tests/.*"
  ]
}

If a file's relative path matches any of the compiled regular expressions, it is skipped during the file discovery phase. Note that \ path separators are normalized to / internally before matching to ensure consistent cross-platform behavior.

Testing

• Added scanner-config-exclude integration test in tests/scanner/scanner.test.ts.
• Verified that files inside excluded directories and files matching excluded substrings are ignored, while valid targets are still scanned.
• Total tests passed: 41/41.

Risks

None. Invalid regex patterns will fail compilation at runtime, which might throw an error during scan. We can optionally add a try-catch for RegExp compilation in a future polish iteration if needed, but standard regex errors provide good immediate feedback to the user.

Follow-up

Implement performance optimization for large repositories.