Fix global allowlist being silently ignored in match_regex() #56

Merged: spark1security merged 3 commits into main from issue-55 on May 23, 2026

@spark1security
Owner

Closes #55

Summary

  • Bug fix: match_regex() in scanner.py only checked per-rule allowlists entries; the top-level allowlist section in regex.yaml was never read, so global regex and stopword exclusions had no effect.
  • Fix: match_regex() now reads regex_config["allowlist"] at the start of each call. Global regexes are checked against the full scanned text (same logic as per-rule allowlists); global stopwords are checked as case-insensitive substrings of the matched secret string.
  • Docs: Added a "Reducing False Positives" section to both USER_MANUAL.md and SDK_GUIDE.md explaining all three allowlist keys (regexes, stopwords, paths), with examples.
  • Version bump: 1.2.4 → 1.2.5

Test plan

  • Add a pattern to allowlist.regexes (e.g. (?i)^changeme$) and confirm a scan against that text produces no finding
  • Add a word to allowlist.stopwords and confirm a scan whose match contains that word is suppressed
  • Confirm a scan against text that does not match any allowlist entry still produces a finding
  • Verify --regex-file with a custom allowlist works end-to-end on at least one platform

@spark1security spark1security requested a review from blupants May 23, 2026 20:01
@spark1security spark1security self-assigned this May 23, 2026
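
The allowlist behaviour described in the PR summary above, as an added Python example that is not the project's `scanner.py`. The function name `scan_text`, the `apply_global` switch, the `rules`/`id`/`regex` layout and the sample patterns are assumptions made for illustration; only the `allowlist`, `regexes` and `stopwords` keys come from the page.

```python
import re

# Constructed config. "allowlist", "regexes" and "stopwords" are the keys named
# in the PR; the "rules"/"id"/"regex" layout is assumed for this example.
REGEX_CONFIG = {
    "allowlist": {
        "regexes": [r"(?i)^password\s*=\s*changeme$"],
        "stopwords": ["example"],
    },
    "rules": [
        {"id": "hardcoded-password", "regex": r"(?i)password\s*=\s*(\S+)"},
    ],
}


def scan_text(text, regex_config, apply_global=True):
    """Return [(rule_id, secret)] for text, honouring the global allowlist.

    apply_global=False reproduces the symptom reported in issue #55, where
    the top-level allowlist section was never read.
    """
    allow = (regex_config.get("allowlist") or {}) if apply_global else {}
    global_res = [re.compile(p) for p in allow.get("regexes") or []]
    stopwords = [w.lower() for w in allow.get("stopwords") or []]

    # Global regexes are tested against the full scanned text, not the match.
    if any(r.search(text) for r in global_res):
        return []

    findings = []
    for rule in regex_config.get("rules", []):
        for m in re.finditer(rule["regex"], text):
            secret = m.group(1) if m.re.groups else m.group(0)
            # Global stopwords: case-insensitive substring of the secret.
            if any(w in secret.lower() for w in stopwords):
                continue
            findings.append((rule["id"], secret))
    return findings
```

Under this example's assumption that the global regex is applied with `re.search` to the whole text, an anchored pattern such as `^...$` suppresses a finding only when the scanned text is exactly that string, so a placeholder sitting next to other content is still reported.
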
Collaborator

@blupants blupants left a comment

Please also implement support for allowlist.paths for local, github and gitlab mode

@spark1security spark1security requested a review from blupants May 23, 2026 20:41
Collaborator

@blupants blupants left a comment

LGTM

@spark1security spark1security merged commit 667668f into main May 23, 2026
2 checks passed

Successfully merging this pull request may close these issues.

Global allowlist in regex.yaml is never applied (false positive filtering broken)