ci(secret-scanner): drop duplicate --fail from trufflehog extra_args (#108)

The v3 trufflehog action injects --fail automatically on pull_request
events; passing it again here triggers "flag 'fail' cannot be repeated"
and breaks every secret-scanner run. Aligns with hyperpolymath/rsr-template-repo#37.

Author: hyperpolymath

.github/workflows/secret-scanner.yml

@@ -20,7 +20,9 @@ jobs:
       - name: TruffleHog Secret Scan
         uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3
         with:
-          extra_args: --only-verified --fail
+          # The v3 action injects --fail automatically on pull_request events.
+          # Passing --fail here triggers "flag 'fail' cannot be repeated".
+          extra_args: --only-verified
 
   gitleaks:
     runs-on: ubuntu-latest
@@ -64,4 +66,4 @@ jobs:
           if [ $found -eq 1 ]; then
             echo "::error::Potential hardcoded secrets detected. Use environment variables instead."
             exit 1
-          fi
+          fi