UNCLASSIFIED - NO CUI

Renovate no Longer Allowing Certain Commands

Digging through the pipeline logs on Renovate's scheduled pipelines shows that recently several packages have had failures, as they are running commands that are not allowed:

 WARN: Post-upgrade task did not match any on allowedCommands list (repository=big-bang/product/maintained/renovate, baseBranch=main, branch=renovate/ironbank)
       "dep": "ghcr.io/renovatebot/renovate registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate",
       "cmd": "bump-changelog '- ghcr.io/renovatebot/renovate 41.131.5 -> 41.135.4\\n- registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate 41.131.3 -> 41.132.5\\n- registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate 41.131.3 -> 41.132.5\\n- registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate 41.131.3 -> 41.132.5\\n- registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate 41.131.3 -> 41.132.5\\n'",
       "allowedCommands": [
         "^regenerate-helm-docs$",
         "^bump-chart-yaml$",
         "^match-chart-yaml-appversion$",
         "^bump-changelog '- {{{replace 'registry1.dso.mil/' '' depName}}} updated from {{{currentVersion}}} to {{{newVersion}}}'$",
         "^bump-changelog '- {{{replace 'registry1.dso.mil/' '' depName}}} updated from {{{replace 'v' '' currentVersion}}} to {{{replace 'v' '' newVersion}}}'$",
         "^bump-changelog '{{#each upgrades}}- {{depName}} {{currentVersion}} -> {{newVersion}}(\\\\n|\\n){{/each}}'$",
         "^upgrade-gitlabrunner '{{{newValue}}}'$",
         "^map-chart-yaml-appversion$",
         "^update-alloy-subcharts$",
         "^curl -sL 'https://github.com/kubernetes-sigs/gateway-api/releases/download/v{{newVersion}}/standard-install.yaml' -o chart/files/standard-install.yaml$",
         "^curl -sL 'https://github.com/kubernetes-sigs/gateway-api/releases/download/v{{newVersion}}/experimental-install.yaml' -o chart/files/experimental-install.yaml$"
       ],
       "trace_id": "21cba544b0f64996a6160e6eaff88372",
       "span_id": "983ef4a15ba8536a",
       "trace_flags": "01"

The above snippet was from a scheduled run about four weeks ago:

https://repo1.dso.mil/big-bang/pipeline-templates/renovate-runner/-/jobs/50190329

These errors can be found by searching the job log for the following snippet: "Post-upgrade task did not match"

Looking at the config, it does appear that these commands were meant to be allowed, but they are no longer working as expected. It's not clear how long this has been broken, as those commands only trigger if an update is found, so it's possible this has been going on for more than a month now.
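The WARN record above contains everything needed to reproduce the allow-list check offline: the rendered `cmd` and the configured `allowedCommands` regexes. The script below is an added example, not Renovate's own code. It pulls the denied-task records out of a log (the fields are printed as bare `"key": value` lines after the WARN line, so wrapping them in braces gives valid JSON), then tests the command against each pattern twice: once verbatim, with the `{{...}}` placeholders treated as literal text, and once after rendering the placeholders with the upgrade list. The renderer is a minimal stand-in for Handlebars that only understands the constructs used in this config (`{{#each}}`, `{{var}}`, `{{{var}}}`, `{{{replace 'a' 'b' var}}}`); whether Renovate actually renders the allow-list patterns with the same context as the command before matching is an assumption made here, not something the issue confirms. The sample log and upgrade list are constructed from the quoted record, trimmed to two upgrades and two patterns.

```python
"""Reproduce the allowedCommands match on a logged 'Post-upgrade task did not match' record."""
import json
import re

WARN_MARK = "Post-upgrade task did not match"

# Constructed log excerpt modelled on the WARN record quoted in the issue,
# trimmed to two upgrades and two allow-list entries (raw string: escapes are as logged).
SAMPLE_LOG = r"""
 INFO: Processing branch (repository=big-bang/product/maintained/renovate, branch=renovate/ironbank)
 WARN: Post-upgrade task did not match any on allowedCommands list (repository=big-bang/product/maintained/renovate, baseBranch=main, branch=renovate/ironbank)
       "dep": "ghcr.io/renovatebot/renovate registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate",
       "cmd": "bump-changelog '- ghcr.io/renovatebot/renovate 41.131.5 -> 41.135.4\\n- registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate 41.131.3 -> 41.132.5\\n'",
       "allowedCommands": [
         "^regenerate-helm-docs$",
         "^bump-changelog '{{#each upgrades}}- {{depName}} {{currentVersion}} -> {{newVersion}}(\\\\n|\\n){{/each}}'$"
       ],
       "trace_id": "21cba544b0f64996a6160e6eaff88372"

 INFO: Branch updated
"""

# Constructed upgrade context for the two dependencies in SAMPLE_LOG.
UPGRADES = [
    {"depName": "ghcr.io/renovatebot/renovate",
     "currentVersion": "41.131.5", "newVersion": "41.135.4"},
    {"depName": "registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate",
     "currentVersion": "41.131.3", "newVersion": "41.132.5"},
]

# Minimal stand-in for the Handlebars constructs used in this config (assumption:
# this mirrors how the placeholders would be rendered; it is not Renovate's renderer).
EACH_RE = re.compile(r"\{\{#each (\w+)\}\}(.*?)\{\{/each\}\}", re.S)
REPLACE_RE = re.compile(r"\{\{\{replace '([^']*)' '([^']*)' (\w+)\}\}\}")
VAR_RE = re.compile(r"\{\{\{?(\w+)\}\}\}?")


def _expand(text, scope):
    """Substitute {{var}}, {{{var}}} and {{{replace ...}}}; unknown names stay verbatim."""
    def replace_fn(m):
        old, new, name = m.groups()
        return scope[name].replace(old, new) if name in scope else m.group(0)

    def var_fn(m):
        name = m.group(1)
        return str(scope[name]) if name in scope else m.group(0)

    return VAR_RE.sub(var_fn, REPLACE_RE.sub(replace_fn, text))


def render(template, ctx):
    """Expand {{#each list}}...{{/each}} blocks with each item, then plain variables."""
    def each_fn(m):
        items, body = ctx.get(m.group(1), []), m.group(2)
        return "".join(_expand(body, {**ctx, **item}) for item in items)

    return _expand(EACH_RE.sub(each_fn, template), ctx)


def find_denied_tasks(log_text):
    """One dict per WARN block: the bare `"key": value` lines that follow the WARN line
    form a JSON object once wrapped in braces."""
    records, lines, i = [], log_text.splitlines(), 0
    while i < len(lines):
        if WARN_MARK in lines[i]:
            block, i = [], i + 1
            while i < len(lines) and lines[i].strip():
                block.append(lines[i])
                i += 1
            records.append(json.loads("{" + "\n".join(block) + "}"))
        else:
            i += 1
    return records


def matching_patterns(cmd, patterns, ctx=None):
    """Indexes of allow-list regexes matching cmd: verbatim when ctx is None
    (placeholders are literal text), otherwise after rendering with ctx."""
    hits = []
    for idx, pattern in enumerate(patterns):
        regex = pattern if ctx is None else render(pattern, ctx)
        if re.search(regex, cmd):
            hits.append(idx)
    return hits


def triage(log_text, upgrades):
    """For each denied task, report which patterns match as logged and after rendering."""
    ctx = {**upgrades[0], "upgrades": upgrades}
    return [{
        "cmd": rec["cmd"],
        "raw": matching_patterns(rec["cmd"], rec["allowedCommands"]),
        "rendered": matching_patterns(rec["cmd"], rec["allowedCommands"], ctx),
    } for rec in find_denied_tasks(log_text)]


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG, UPGRADES):
        print("cmd:", result["cmd"])
        print("  patterns matching as logged:       ", result["raw"])
        print("  patterns matching after rendering: ", result["rendered"])
```

On the sample record no pattern matches the command verbatim, while the `{{#each upgrades}}` pattern does match once its placeholders are rendered with the upgrade list, which is the gap a fix to the allow-list (or to how it is evaluated) has to close. Note that an entry in `allowedCommands` is a regex, so the `.` characters in a rendered `depName` are wildcards rather than literal dots; the match still succeeds, but a tighter list would escape them.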

  • Update allowed commands to ensure they still work properly