fix: SSH key regex false positive with ImageMagick mime.xml #546

Merged
carlospolop merged 1 commit into peass-ng:master from JohannesLks:fix/ssh-key-regex-false-positive
Jan 16, 2026

@JohannesLks
Contributor

Fixes #526
The regex -----BEGIN .* PRIVATE KEY.*----- was matching -----BEGIN PGP PRIVATE KEY BLOCK----- in /etc/ImageMagick-6/mime.xml, causing a false positive for SSH keys.

Fixed by removing the trailing .* before ----- so the regex now requires the key header to end directly with -----, which excludes PGP key definitions that have BLOCK----- at the end.

Tested key types still detected:

  • RSA PRIVATE KEY
  • EC PRIVATE KEY
  • OPENSSH PRIVATE KEY
  • DSA PRIVATE KEY

The regex '-----BEGIN .* PRIVATE KEY.*-----' was matching
'-----BEGIN PGP PRIVATE KEY BLOCK-----' in /etc/ImageMagick-6/mime.xml,
causing a false positive for SSH keys.

Fixed by removing the trailing .* before ----- so the regex now requires
the key header to end directly with -----, which excludes PGP key
definitions that have 'BLOCK-----' at the end.

Tested key types still detected:
- RSA PRIVATE KEY
- EC PRIVATE KEY
- OPENSSH PRIVATE KEY
- DSA PRIVATE KEY
@carlospolop
Collaborator

Might this exclude other real private keys?

@JohannesLks
Contributor Author

@carlospolop No, the fix should be safe.
But you are indeed correct that any private key with text after KEY would not be detected. But I am not aware of any.
According to the ssh-keygen manual, all supported key types (rsa, ecdsa, ecdsa-sk, ed25519, ed25519-sk) generate one of these headers:

  • OpenSSH format: -----BEGIN OPENSSH PRIVATE KEY-----
  • Legacy PEM: -----BEGIN RSA/EC/DSA PRIVATE KEY-----
  • Encrypted: -----BEGIN ENCRYPTED PRIVATE KEY-----

RFC 7468 defines all standard PEM labels for private keys, and none of them have text after PRIVATE KEY.

The generic PKCS#8 header -----BEGIN PRIVATE KEY----- is not matched by the regex, but this was already the case before this fix and ssh-keygen never generates this format anyway.

@carlospolop carlospolop merged commit bf9d474 into peass-ng:master Jan 16, 2026
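
A regression check for the change discussed in this thread, added here as an example and not part of the PR or the PEASS-ng code base: it runs the old and new patterns over header lines and reports which detections are lost or gained. Python's `re` stands in for the tool's own matcher, and the sample lines, labels and function names are assumptions constructed for illustration.

```python
import re

# Patterns as described in the PR: before and after removing the trailing ".*".
OLD = re.compile(r"-----BEGIN .* PRIVATE KEY.*-----")
NEW = re.compile(r"-----BEGIN .* PRIVATE KEY-----")

# Constructed sample lines (not copied from any real file).
SAMPLES = {
    "rsa": "-----BEGIN RSA PRIVATE KEY-----",
    "ec": "-----BEGIN EC PRIVATE KEY-----",
    "openssh": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "dsa": "-----BEGIN DSA PRIVATE KEY-----",
    "encrypted": "-----BEGIN ENCRYPTED PRIVATE KEY-----",
    # Generic PKCS#8 header: no label word between BEGIN and PRIVATE KEY.
    "pkcs8": "-----BEGIN PRIVATE KEY-----",
    # Constructed stand-in for the mime.xml entry that caused the false positive.
    "mime_xml_pgp": '<mime type="application/pgp-keys" '
                    'pattern="-----BEGIN PGP PRIVATE KEY BLOCK-----"/>',
    "pgp_public": "-----BEGIN PGP PUBLIC KEY BLOCK-----",
}


def scan(pattern, samples=SAMPLES):
    """Return the labels of all sample lines the pattern matches."""
    return {label for label, line in samples.items() if pattern.search(line)}


def regression(old=OLD, new=NEW, samples=SAMPLES):
    """Return (lost, gained): labels matched only by old / only by new."""
    before, after = scan(old, samples), scan(new, samples)
    return before - after, after - before


if __name__ == "__main__":
    before, after = scan(OLD), scan(NEW)
    for label in SAMPLES:
        print(f"{label:13} old={label in before!s:5} new={label in after!s:5}")
    lost, gained = regression()
    print("no longer matched:", sorted(lost))
    print("newly matched:   ", sorted(gained))
```

Extending `SAMPLES` with any other header a deployment cares about shows immediately whether the tightened pattern still covers it.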

Successfully merging this pull request may close these issues.

ImageMagick "SSH key" false positive
