Add AWS/GCP secret patterns to maintainer PII/secret scanner

[BOOK318]

Good first issue — extend a regex list, add tests.

The secret scanner in maintainer-automation/src/maintainerRiskChecks.js currently catches OpenAI, Anthropic, GitHub, AWS access key, Slack, and private key patterns.

Add patterns for:

• AWS secret access keys ([A-Za-z0-9/+=]{40} following an AWS access key ID)
• GCP service account JSON key files
• Generic JWT tokens

Acceptance:

• New patterns with tests in maintainer-automation/test/maintainerRiskChecks.test.js
• Existing tests still pass
• No real credentials committed