fix(ci): remove hashFiles from job-level if in secret-scanner

hashFiles() in job-level if: caused a workflow file parse error.
Move the Cargo.toml check inside the run step instead, where find
can check after checkout.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: hyperpolymath

.github/workflows/secret-scanner.yml

@@ -37,12 +37,17 @@ jobs:
   # Rust-specific: Check for hardcoded crypto values
   rust-secrets:
     runs-on: ubuntu-latest
-    if: ${{ hashFiles('**/Cargo.toml') != '' }}
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 
       - name: Check for hardcoded secrets in Rust
         run: |
+          # Skip if no Rust files
+          if ! find . -name "Cargo.toml" -print -quit | grep -q .; then
+            echo "No Cargo.toml found, skipping Rust secret scan"
+            exit 0
+          fi
+
           # Patterns that suggest hardcoded secrets
           PATTERNS=(
             'const.*SECRET.*=.*"'