fix(ci): replace gitleaks-action with container-based gitleaks

gitleaks-action@v2 requires a paid license for org repos. Switch to
running gitleaks from the dev-toolchain container instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: matthew-on-git

.github/workflows/ci.yml

@@ -31,8 +31,13 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Run gitleaks
-        uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          docker run --rm \
+            -v "$(pwd):/workspace" \
+            -w /workspace \
+            ghcr.io/devrail-dev/dev-toolchain:v1 \
+            gitleaks detect --source . --report-format json --report-path /tmp/gitleaks-results.json