fix(7552): prevent branch names starting with hex chars from matching commit ID pattern

[Gbolahan-Aziz]

Description

Fixes #7552

When a Terraform module source uses a ?ref= value that is a branch name starting with hex characters (e.g. 1014016-chekov-branch-bug), Checkov incorrectly identifies the hex prefix as a commit ID.

COMMIT_ID_PATTERN lacked an end anchor, so re.sub would strip only the matched hex portion (e.g. ?ref=1014016) from the URL, leaving the remainder (-chekov-branch-bug) dangling — which then got appended to the repository name, producing a clone address that does not exist:

# Before fix — corrupted clone URL
git clone ssh://.../cat-tf-modules-chekov-branch-bug

# After fix — correct clone URL
git clone ssh://.../cat-tf-modules  (branch: 1014016-chekov-branch-bug)

The fix adds (?:&|$) to COMMIT_ID_PATTERN so it only matches a ref value that is purely hexadecimal with nothing following it. Branch/tag names that start with hex characters now fall through to TAG_PATTERN and are cloned correctly.

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added tests that prove my feature, policy, or fix is effective and works
• New and existing tests pass locally with my changes