Reduce false positives in Chatbot detector

[rootranjan]

Fixes #4628

Description:

Reduce false positives in Chatbot detector by filtering out legitimate code identifiers that match the detector pattern.

Changes:

• Add filters to exclude letters-only matches (no digits)
• Filter out snake_case patterns (variable/table names)
• Filter out camelCase/PascalCase patterns (code identifiers)
• Fix lint error by properly handling res.Body.Close() error

This reduces false positives from legitimate code identifiers like variable names, class names, and schema names while still detecting real Chatbot API keys that contain digits and have higher entropy.

Problem:
The Chatbot detector was flagging any 32-character alphanumeric string near the keyword "chatbot" as a potential secret, including:

• PascalCase variable names (e.g., internalFeatureNavigationManager)
• Snake_case identifiers (e.g., analytics_abc_meltsys_adachatbot)
• Class names, function names, and configuration keys

Solution:
Added isLikelyFalsePositive() helper function that filters out:

1. Strings with only letters (no digits) - Real API keys typically contain digits
2. Snake_case patterns (^[a-z]+(_[a-z]+)+$) - Common for variable/table names
3. CamelCase/PascalCase patterns - Common for code identifiers

Checklist:

• Tests passing (make test-community)?
• Lint passing (make lint this requires golangci-lint)?

[kashifkhan0771]

I’m not opposed to these changes - they look reasonable. However, they would need to be applied across many detectors. At the moment, we try to avoid modifying existing detectors unless there’s a high-priority issue.

We plan to add these validations as part of an upcoming feature, detectors as config, which will bring existing detectors closer to how custom_detector works. (Note that these validations already exist in custom_detector.)