gitleaks does not scan correct files with pre-commit run --files #1409

Open
krakeusz opened this issue May 13, 2024 · 0 comments
Labels
bug Something isn't working

Describe the bug
gitleaks pre-commit hook scans the staged files instead of the files that pre-commit requests to scan.

To Reproduce
Steps to reproduce the behavior:

# assuming pre-commit 2.21.0, go 1.22.3
mkdir -p precommit-reproduce
rm -rf precommit-reproduce/*
cd precommit-reproduce
git init
cat > .pre-commit-config.yaml <<EOF
repos:
- repo: https://github.com/gitleaks/gitleaks
  rev: v8.18.2
  hooks:
    - id: gitleaks
EOF
echo "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef" > leak.go
git add .pre-commit-config.yaml leak.go
git commit -m "Initial commit with a leak"
pre-commit install
pre-commit run --files leak.go   # succeeds, but should not

echo "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef" >> leak.go
git add leak.go
# This one fails as expected.
git commit -m "Add another leak"

Expected behavior

  • pre-commit run --files leak.go should fail with a message about a leak

Screenshots
none

Basic Info (please complete the following information):

  • OS: Ubuntu 20.04
  • Gitleaks Version: 8.18.2

Additional context

pre-commit run --files is a use case, e.g. in a merge-gate scenario in CI. A generic way of running pre-commit on all changed files in a PR is to git diff the changes between the source and target branch, then feed the list to pre-commit.

The workaround is probably to use gitleaks-action or to write custom code which creates a scan baseline. But couldn't gitleaks accept a list of files to scan, so that it integrates nicely with less-commonly-used commands of pre-commit?

cc @zricethezav

@krakeusz krakeusz added the bug Something isn't working label May 13, 2024
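The report above asks whether gitleaks could take the list of files that pre-commit hands over rather than scanning whatever is staged. Until that exists, the usual defensive answer is a thin local hook that calls the scanner once per file it is given. The script below is an added example written for this page; it is not part of gitleaks or pre-commit. It assumes a gitleaks 8.x binary on PATH (overridable through the assumed GITLEAKS_BIN variable) and uses only documented flags of `gitleaks detect` (`--no-git`, `--source`, `--redact`, `--exit-code`) plus the global `--no-banner`.

```shell
#!/bin/sh
# gitleaks-files.sh: hypothetical pre-commit wrapper (example code, not from the gitleaks project).
# Scans exactly the paths that pre-commit passes as arguments, one scanner run per file,
# instead of whatever happens to be staged in the index.
#
# GITLEAKS_BIN is an assumed knob so the scanner binary can be swapped (e.g. for testing).
GITLEAKS_BIN="${GITLEAKS_BIN:-gitleaks}"

# scan_one FILE: run gitleaks on a single file outside git history.
#   --no-git      treat the source as plain files, not a repository
#   --source      the path to scan (a single file here)
#   --redact      keep the secret itself out of the hook output
#   --exit-code 1 return non-zero when a finding is reported
scan_one() {
  "$GITLEAKS_BIN" detect --no-git --source "$1" --redact --exit-code 1 --no-banner
}

# scan_files FILE...: scan every regular file given; return 1 if any scan reported a leak.
# Paths that no longer exist (deleted files in a diff-derived list) are skipped, not failed.
scan_files() {
  rc=0
  for f in "$@"; do
    [ -f "$f" ] || continue
    if ! scan_one "$f"; then
      echo "leak detected in: $f" >&2
      rc=1
    fi
  done
  return "$rc"
}

# When executed directly as the hook script, scan the arguments pre-commit appended.
case "$0" in
  *gitleaks-files.sh) scan_files "$@" ;;
esac
```

To wire it in, add a `repo: local` entry to `.pre-commit-config.yaml` with `entry: ./gitleaks-files.sh`, `language: script`, `pass_filenames: true` and `types: [text]`; `pre-commit run --files leak.go` then scans `leak.go` itself, and a merge-gate job that feeds it a `git diff --name-only` list scans precisely that list. Because each file is scanned with `--no-git`, a file whose history is already committed is still examined, which is the behaviour the report expects.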