@bodis bodis commented Oct 9, 2025

Fixes #7426

Description

Added underscore support to vaultMatch and consulMatch regex patterns to allow secret keys like API_KEY and DB_PASSWORD.

Before: $secret_vault.([A-Za-z0-9\/\-\.]+)
After: $secret_vault.([A-Za-z0-9_\/\-\.]+)

Motivation and Context

Vault references are currently truncated at underscores, forcing users to duplicate secrets with different names. This fixes the regex to match standard naming conventions used in production environments.

Example:

  • Config: $secret_vault.kv-v2/path.API_KEY
  • Current behavior: Only matches up to .API
  • Fixed behavior: Matches full path including .API_KEY

This aligns vault/consul patterns with envValueMatch which already supports underscores.

Breaking Change Note

Potential edge case: If anyone is currently using the underscore as an intentional path terminator (e.g., $secret_vault.path.API_KEY expecting only .API to be processed with _KEY as a literal suffix), this will now include the full path. However, this use case is highly unlikely compared to the standard use of underscores in secret names.

How This Has Been Tested

  • Built successfully with go build
  • Verified regex patterns compile and match underscore paths correctly
  • Tested backward compatibility with existing non-underscore references

Types of changes

New feature (low probability small breaking change but adds functionality)

Tamás Bódis and others added 2 commits October 9, 2025 11:19
Fixes TykTechnologies#7426 - Allow underscores in $secret_vault and $secret_consul
reference paths to support standard secret naming conventions."
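
The truncation and the breaking-change edge case described in this pull request, shown as an added Go example that is not part of the PR or the project's code: it runs both quoted patterns over sample config values and lists the references whose looked-up path changes, which is the set to review before upgrading. Assumptions: the leading `$` is escaped, the helper names `resolve` and `changedLookups` are hypothetical, and the sample values are constructed from the PR text.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns quoted in the PR description. Assumption: the leading "$" is
// escaped here, since an unescaped "$" is an end-of-text anchor in Go regexp.
var (
	vaultBefore = regexp.MustCompile(`\$secret_vault.([A-Za-z0-9\/\-\.]+)`)
	vaultAfter  = regexp.MustCompile(`\$secret_vault.([A-Za-z0-9_\/\-\.]+)`)
)

// resolve returns the secret path captured from the first reference in value
// and the text left over after the match (which would remain a literal).
func resolve(re *regexp.Regexp, value string) (path, leftover string, ok bool) {
	loc := re.FindStringSubmatchIndex(value)
	if loc == nil {
		return "", "", false
	}
	return value[loc[2]:loc[3]], value[loc[1]:], true
}

// changedLookups lists the values whose captured path differs between the two
// patterns, i.e. the references to review before adopting the new pattern.
func changedLookups(values []string) []string {
	var changed []string
	for _, v := range values {
		oldPath, _, okOld := resolve(vaultBefore, v)
		newPath, _, okNew := resolve(vaultAfter, v)
		if okOld != okNew || oldPath != newPath {
			changed = append(changed, v)
		}
	}
	return changed
}

func main() {
	// Constructed sample values; the first and third appear in the PR text.
	samples := []string{"$secret_vault.kv-v2/path.API_KEY",
		"$secret_vault.kv-v2/path.token", "$secret_vault.path.API_KEY"}
	for _, v := range changedLookups(samples) {
		oldPath, rest, _ := resolve(vaultBefore, v)
		newPath, _, _ := resolve(vaultAfter, v)
		fmt.Printf("%s: before=%q (+literal %q) after=%q\n", v, oldPath, rest, newPath)
	}
}
```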

Development

Successfully merging this pull request may close these issues.

Support underscores in Vault secret reference paths
