fix(docker): bouncer name strips wrong field from Docker secrets path

[tejgokani]

/kind fix
/area configuration

Summary

When registering bouncers via Docker/Podman secrets (Swarm mode), the bouncer
name was derived incorrectly. A secret file named bouncer_key_caddy produced
a bouncer named key_caddy instead of caddy.

Root cause

build/docker/docker_start.sh line 511:

# Before (buggy)
NAME=$(echo "${BOUNCER}" | awk -F "/" '{printf $NF}' | cut -d_  -f2-)

The secret basename bouncer_key_caddy has three _-separated fields:
bouncer | key | caddy

cut -d_ -f2- returns fields 2 onward → key_caddy.
cut -d_ -f3- returns fields 3 onward → caddy (correct).

The env-var registration loop at line 474 already uses f3- correctly for
BOUNCER_KEY_CADDY → CADDY. The secrets loop was inconsistent.

Fix

One character change on line 511:

-    NAME=$(echo "${BOUNCER}" | awk -F "/" '{printf $NF}' | cut -d_  -f2-)
+    NAME=$(echo "${BOUNCER}" | awk -F "/" '{printf $NF}' | cut -d_  -f3-)

Testing

Added test_register_bouncer_secret to build/docker/test/tests/test_bouncer.py.

The test mounts a mock secret file at /run/secrets/bouncer_key_caddy, starts
the container, and asserts the registered bouncer name is caddy — not key_caddy.

Before this fix, the test fails with: AssertionError: Bouncer name is 'key_caddy' — expected 'caddy'

Checklist

• One logical change per PR
• Regression test added
• Commit message references Fixes #4301
• No other files changed

Fixes #4301

[github-actions]

@tejgokani: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

• /kind feature
• /kind enhancement
• /kind refactoring
• /kind fix
• /kind chore
• /kind dependencies

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[github-actions]

@tejgokani: There are no area labels on this PR. You can add as many areas as you see fit.

• /area agent
• /area local-api
• /area cscli
• /area appsec
• /area security
• /area configuration

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.87%. Comparing base (5ce91a0) to head (79e39c8).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4490      +/-   ##
==========================================
- Coverage   63.88%   63.87%   -0.01%     
==========================================
  Files         478      478              
  Lines       34298    34298              
==========================================
- Hits        21911    21909       -2     
- Misses      10231    10232       +1     
- Partials     2156     2157       +1     

Flag	Coverage Δ
bats	46.49% <ø> (+<0.01%)	⬆️
unit-linux	37.31% <ø> (+0.07%)	⬆️
unit-windows	25.99% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[tejgokani]

@blotus take a look at this PR