Firebase functions exposure of api keys in client side code

Detects instances where Firebase project API keys are exposed directly in client-side code or passed insecurely in URLs when invoking functions. While not secrets, their misuse can contribute to other vulnerabilities.