Deprecate SquareUp Detector

[nabeelalam]

Description:

This PR deprecates the SquareUp detector.

The verification endpoint (GET /oauth2/authorize) returns inconsistent status codes regardless of whether the secret is valid, causing secrets to flip between "live" and "rotated" repeatedly.

Also, the sq0idp- prefix identifies a SquareUp OAuth Client ID, which is a public identifier, not a secret. The actual secret is being handled by the SquareApp detector.

Changes:

• Marked Squareup as [deprecated = true] in detectors.proto and regenerated detectors.pb.go
• Removed squareup.Scanner registration from defaults.go
• Deleted pkg/detectors/squareup/

Checklist:

• Tests passing (make test-community)?
• Lint passing (make lint this requires golangci-lint)?

---

Note

Low Risk
Low risk: this removes a detector and its tests from the default detector set, mainly impacting detection coverage and any downstream code relying on Squareup results.

Overview
Deprecates and effectively disables the Squareup detector. The Squareup enum value in proto/detectors.proto is now marked deprecated (with regenerated detectors.pb.go reflecting this).

The squareup detector implementation and its unit/integration tests under pkg/detectors/squareup/ are deleted, and squareup.Scanner{} is removed from pkg/engine/defaults/defaults.go so it no longer runs by default.

^{Written by Cursor Bugbot for commit 6542ab1. This will update automatically on new commits. Configure here.}

[MuneebUllahKhan222]

LG 🚀