fixed regex typo that was causing conf uuid's to be surfaced as non-live atlassian secrets. #5029

Open: jordanTunstill wants to merge 2 commits into main from v1AtlassianRegexFix


Conversation

@jordanTunstill (Contributor) commented Jun 10, 2026

Fix(atlassian/v1): removes stray dash from keyPat character class

The character class [a-zA-Z-0-9] accidentally admitted '-' as a literal, allowing the detector to carve a 24-char slice out of UUID-shaped strings (e.g. Confluence ac:macro-id="451a36ca-3009-404c-a6b2- 63cb71b229ce") when the keyword "atlassian" appeared within 40 chars. Real classic Atlassian API tokens are 24 alphanumeric characters with no dashes; this tightens the class to [a-zA-Z0-9] and adds a regression test.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

Note

Cursor Bugbot is generating a summary for commit 4246f15.
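The defect the PR describes, worked through in Go as an added illustration (this is not the project's own detector code): the buggy and fixed key patterns are reconstructed from the description, the keyword-prefix part ("atlassian" followed by up to 40 characters) is an assumption about how the detector scopes its search, and both inputs are constructed samples rather than real secrets. Running it shows the stray '-' letting the buggy class carve a 24-character slice out of a UUID-shaped macro id, while the corrected class ignores it and both still accept a 24-character alphanumeric value.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed keyword scoping (not copied from the project): the word "atlassian",
// case-insensitively, followed by at most 40 characters of any kind.
const keywordPrefix = `(?is)atlassian.{0,40}?`

var (
	// Before the fix: the '-' between the A-Z and 0-9 ranges is parsed as a
	// literal member of the class, so hyphens count toward the 24 characters.
	BuggyKeyPat = regexp.MustCompile(keywordPrefix + `\b([a-zA-Z-0-9]{24})\b`)
	// After the fix: exactly 24 alphanumerics, the shape of a classic token.
	FixedKeyPat = regexp.MustCompile(keywordPrefix + `\b([a-zA-Z0-9]{24})\b`)
)

// Constructed inputs (not real secrets). The first mimics Confluence storage
// format, where a macro id sits a few characters after the word "atlassian";
// the second carries a 24-character alphanumeric value of the classic shape.
const (
	ConfluenceSample = `<ac:structured-macro ac:name="atlassian-jira" ac:macro-id="451a36ca-3009-404c-a6b2-63cb71b229ce"/>`
	TokenSample      = `atlassian_api_token: AbCdEfGhIjKlMnOpQrStUvWx`
)

// Candidates returns every captured token candidate a pattern finds in input.
func Candidates(re *regexp.Regexp, input string) []string {
	var out []string
	for _, m := range re.FindAllStringSubmatch(input, -1) {
		out = append(out, m[1])
	}
	return out
}

func main() {
	for _, in := range []string{ConfluenceSample, TokenSample} {
		fmt.Printf("input: %s\n", in)
		fmt.Printf("  buggy class [a-zA-Z-0-9]: %q\n", Candidates(BuggyKeyPat, in))
		fmt.Printf("  fixed class [a-zA-Z0-9]:  %q\n", Candidates(FixedKeyPat, in))
	}
}
```

On the Confluence sample the buggy pattern reports "451a36ca-3009-404c-a6b2-", the first 24 characters of the UUID, because the hyphen before "63cb..." is a word boundary; the fixed pattern reports nothing. A regression test of the kind the PR adds would assert exactly that empty result for the UUID-shaped input while keeping the alphanumeric sample as a positive case.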

@jordanTunstill jordanTunstill requested a review from a team June 10, 2026 19:08
@jordanTunstill jordanTunstill requested a review from a team as a code owner June 10, 2026 19:08
@github-actions

Corpora Test Results

Scans a corpus of real-world public code against only the detectors changed in this PR, then compares unique match counts between the PR build and the main baseline to catch regex regressions. Verification is disabled — each detector's regex is measured independently.

1 regressed · 0 new · 0 clean  |  Scoped to: atlassian

Status  Detector   Unique matches (main)  Unique matches (PR)  New  Removed
🔴      Atlassian  38                     0                    0    38
  • 🔴 regression: >5 new, >20% increase over main, or any removed
  • ⚠️ warning: 1–5 new and ≤20% increase over main
  • ✅ clean
  • 🆕 new detector (no baseline)

@MuneebUllahKhan222 (Contributor) left a comment

This change is acceptable, but note that the v1 detector targets Atlassian classic tokens, which are no longer issuable and cannot be used for verification anymore. Additionally, our secret manager does not contain any classic tokens for validation.

Given this, if we are comfortable taking the assumption that classic tokens do not include a -, then removing support for - is reasonable.

The LLM analysis also aligns with this, indicating that classic tokens do not contain hyphens.
