Enhance .gitignore with comprehensive private information protection

[Copilot]

Expanded .gitignore from 234 to 392 lines (+67%) with systematic protection against accidental commits of sensitive data across modern JavaScript/TypeScript toolchains.

Key Additions

Authentication & Secrets

• Playwright E2E auth states (**/playwright/.auth/, **/storage-state.json, *.auth.json)
• Private key pattern variations covering PRIVATE_KEY, SECRET_KEY, API_KEY in all common naming conventions (uppercase, snake_case, kebab-case)
• Session storage exports (localStorage, sessionStorage, IndexedDB, cookies)

Deployment & Platform

• Vercel deployment artifacts (.vercel/, deployment configs)
• Next.js internals (.next/cache/, *.trace.json, *.tsbuildinfo, build manifests)
• Source maps (*.js.map, *.css.map, *.ts.map) to prevent source exposure

Build Tools & Caches

• Modern bundler caches: Turbo, SWC, Webpack, Metro, Parcel
• Debug artifacts: heap dumps, CPU profiles, flame graphs, HAR files

Development Tools

• API tool environments: Postman, Insomnia, Thunder Client private configs
• Error tracking: Sentry debug files, Datadog logs, crash reports
• Security reports: npm/yarn audit, Snyk, Trivy, OWASP outputs

Personal Files

• Refined *.local.* patterns for configuration overrides
• Personal notes/configs with .local suffix (avoids false positives on NOTES.md, my-component.ts)

Example Protected Files

TRUSTED_SIGNER_PRIVATE_KEY.txt          # API key from .env.local.example
apps/web/playwright/.auth/state.json    # E2E test sessions
.vercel/project.json                    # Deployment config
bundle.js.map                           # Source map
security-report-2024.json               # Vulnerability scan

All patterns tested against 21 critical scenarios with zero false positives on legitimate project files.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.