[INS-456] Add Microsoft Teams Webhook V2 detector #4902

Open
mustansir14 wants to merge 3 commits into main from INS-456-Add-Microsoft-Teams-Webhook-V2-detector-Workflows

@mustansir14 mustansir14 commented Apr 21, 2026

Summary

Microsoft has introduced a new webhook format for Teams based on Power Automate workflows. The old format (*.webhook.office.com/webhookb2/...) is being replaced by Power Automate trigger URLs hosted on *.environment.api.powerplatform.com. This PR adds a v2 detector for the new URL format and restructures the existing detector into a versioned layout.

Motivation

Highlighted by #2693. The underlying v1 issue cannot be fully resolved since Microsoft has deprecated the old Incoming Webhook connector format and new v1 webhooks can no longer be generated. This PR adds support for the replacement Power Automate format.

Changes

New: pkg/detectors/microsoftteamswebhook/v2/

  • Detects Power Automate-based Teams webhook URLs of the form:
    https://<envId>.<region>.environment.api.powerplatform.com/powerautomate/automations/direct/workflows/<workflowId>/triggers/manual/paths/invoke?...&sig=<sig>
    
  • The URL path is matched strictly; the query string is matched loosely ([^\s"'<>]+) so that parameter ordering changes do not break detection.
  • A second pattern (sigPat) requires the sig parameter to be present anywhere in the query string — without it the URL is not a valid credential.
  • Verification: POST with {"text":"hi from trufflehog"} (intentionally omits "type" so the flow accepts the request without delivering a message to the channel). Status mapping: 202 → verified, 400/401 → unverified, other → verification error.
  • Implements CustomFalsePositiveChecker returning false — Power Automate URLs contain common English words (default, invoke, run, etc.) that would otherwise be suppressed by the engine's wordlist filter.
  • Reuses DetectorType_MicrosoftTeamsWebhook = 114 with Version() int { return 2 }.

Restructured: pkg/detectors/microsoftteamswebhook/v1/

  • Moved existing detector files into a v1/ subdirectory to match the convention used by other versioned detectors (e.g. atlassian/v1, atlassian/v2).
  • Added Version() int { return 1 } and detectors.Versioner interface assertion.
  • Added "version" field to ExtraData.
  • Restored //go:build detectors build tag on the integration test (had been inadvertently stripped).

Updated: pkg/engine/defaults/defaults.go

  • Replaced bare microsoftteamswebhook import with aliased microsoftteamswebhookv1 and microsoftteamswebhookv2 imports.
  • Both scanners registered alongside each other — v1 is not removed.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint; this requires golangci-lint)?

Note

Medium Risk
Introduces a new URL-matching and remote verification path that can affect scan results (false positives/negatives) and increases outbound verification traffic for Teams webhook candidates.

Overview
Adds a new microsoftteamswebhook v2 detector to identify and optionally verify the new Power Automate workflow webhook URLs on *.environment.api.powerplatform.com, including query-string sig enforcement and a verification POST that treats 202 as valid and 400/401 as invalid.

Restructures the existing Teams webhook detector as v1 by implementing detectors.Versioner and attaching a version field to results, and updates defaults.go to register both microsoftteamswebhook/v1 and /v2 scanners so both formats are detected.

Reviewed by Cursor Bugbot for commit 85c763f.
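An added sketch of the strict-path, loose-query matching, the separate sig check, and the status mapping outlined in the description above; it is not the PR's code. The host-label and workflow-ID character classes, the exact form of sigPat, the names FindCandidates and Classify, and the sample URLs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Host-label and workflow-ID classes are assumptions; the PR text gives only the
// URL shape and the loose query class. sigPat (assumed form) requires sig to
// start a parameter, so "notsig=" does not count.
var (
	urlPat = regexp.MustCompile(`https://[a-z0-9-]+\.[a-z0-9-]+\.environment\.api\.powerplatform\.com` +
		`/powerautomate/automations/direct/workflows/[A-Za-z0-9]+/triggers/manual/paths/invoke\?[^\s"'<>]+`)
	sigPat = regexp.MustCompile(`[?&]sig=[^&\s"'<>]+`)
)

// Constructed sample input, not real credentials.
const base = "https://default0a1b2c.ab.environment.api.powerplatform.com" +
	"/powerautomate/automations/direct/workflows/0123456789abcdef/triggers/manual/paths/invoke"

var sample = `hook = "` + base + `?sig=CONSTRUCTED1&api-version=1"` + "\n" + // sig first, quoted
	base + "?api-version=1&sp=x&sig=CONSTRUCTED2\n" + // sig last
	base + "?api-version=1&notsig=abc\n" + // no sig parameter
	strings.Replace(base, "/direct/", "/other/", 1) + "?sig=CONSTRUCTED3\n" // wrong path

// FindCandidates returns URLs whose path matches strictly and whose query has sig.
func FindCandidates(data string) []string {
	var out []string
	for _, m := range urlPat.FindAllString(data, -1) {
		if sigPat.MatchString(m[strings.Index(m, "?"):]) {
			out = append(out, m)
		}
	}
	return out
}

// Classify applies the described mapping: 202 verified, 400/401 unverified, else error.
func Classify(status int) (bool, error) {
	switch status {
	case 202:
		return true, nil
	case 400, 401:
		return false, nil
	}
	return false, fmt.Errorf("unexpected verification status %d", status)
}

func main() {
	fmt.Println(strings.Join(FindCandidates(sample), "\n"))
}
```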

@mustansir14 mustansir14 requested a review from a team April 21, 2026 10:22
@mustansir14 mustansir14 requested review from a team as code owners April 21, 2026 10:22
Comment thread pkg/detectors/microsoftteamswebhook/v2/microsoftteamswebhook.go