chore: add pre-commit-hooks to prevent checking in any confidential information

.githooks/pre-commit

+#!/bin/bash
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=$(git hash-object -t tree /dev/null)
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+# exec git diff-index --check --cached $against --
+
+
+
+################################################################################
+## Everything below this is customized, everything above is from the example. ##
+################################################################################
+
+### PREPARE
+
+# Expand aliases and make alias command work in the bash script.
+shopt -s expand_aliases
+
+REPOPATH="$(git rev-parse --show-toplevel)"
+GREP_CMD='grep -Rn --color'
+GREP_EXCLUDES="--exclude-dir=\.git --exclude-dir=\.githooks --exclude=*\.example"
+
+### YAMLLINT stage
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
+YAML_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep ".yml$")
+if [[ ${YAML_FILES} != "" ]]; then
+	for file in ${YAML_FILES}; do
+		yamllint "${file}"
+		if [[ ${?} -ne 0 ]]; then
+			exit 1
+		fi
+	done
+fi && echo "SUCCESS: Yamllint stage."
+
+### VAULT detection stage
+VAULT_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep ".vault$")
+if [[ ${VAULT_FILES} != "" ]]; then
+	echo "ERROR: Vaultfiles found:"
+	for file in ${VAULT_FILES}; do
+		echo "- ${file}"
+	done
+	exit 1
+fi
+# https://docs.ansible.com/ansible/latest/user_guide/vault.html#vault-format
+if [[ ${STAGED_FILES} != "" ]]; then
+	for file in ${STAGED_FILES}; do
+		grep -e "\$ANSIBLE_VAULT;[[:digit:]]\.[[:digit:]];AES256" "${file}"
+		[[ ${?} -eq 0 ]] && echo "ERROR: Ansible-Vault in String found in file '${file}'." && exit 1
+	done
+fi
+echo "SUCCESS: Vault detection stage."
+
+### URL detection stage
+${GREP_CMD} ${GREP_EXCLUDES} -e "http[s]*.*git.*SLUB" -e "http[s]*.*git.*slub" -e "git@" "${REPOPATH}"
+if [[ ${?} -eq 0 ]]; then
+	echo "ERROR: found internal URLs."
+	exit 1;
+fi
+echo "SUCCESS: URL detection stage."
+
+### IP address detection stage
+# This is pretty basic regex matching, but it's a start.
+IP_REGEX='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
+${GREP_CMD} ${GREP_EXCLUDES} -e "${IP_REGEX}" "${REPOPATH}" | grep -v "127.0.0"
+if [[ ${?} -eq 0 ]]; then
+	echo "ERROR: found IP address."
+	exit 1;
+fi
+echo "SUCCESS: IP address detection stage."
+
+### SSH-Key detection stage
+${GREP_CMD} ${GREP_EXCLUDES} -e "ssh-[dr]sa " "${REPOPATH}"
+if [[ ${?} -eq 0 ]]; then
+	echo "ERROR: found SSH key."
+	exit 1;
+fi
+echo "SUCCESS: SSH Key detection stage."
+
+
+
+
+### DONE
+# Return explicit 0.
+exit 0;