fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros

- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
  for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
  UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
  KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
  so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

tests/integration/hitch-varnish/platform/hitch.conf

@@ -0,0 +1,33 @@
+# hitch.conf — TLS offloader hitch
+# Terminaison TLS sur port 443, transmission à Varnish (port 6081) via PROXY protocol.
+# Le PROXY protocol permet à Varnish de connaître la vraie IP source du client.
+# Réf: https://hitch-tls.org/
+
+# Adresse et port d'écoute TLS
+frontend = "[*]:443"
+
+# Backend Varnish (HTTP cleartext + PROXY protocol header)
+backend = "[127.0.0.1]:6081"
+
+# Fichier PEM : clé privée + certificat (concaténés)
+pem-file = "/etc/hitch/hitch.pem"
+
+# Activation du PROXY protocol v1 (texte) vers le backend
+write-proxy-v1 = on
+
+# Protocoles TLS acceptés
+tls-protos = TLSv1.2 TLSv1.3
+
+# Suites de chiffrement variées pour générer des JA4 distincts
+ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
+
+# ALPN : activer h2 pour HTTP/2 (si Varnish supporte)
+alpn-protos = "h2,http/1.1"
+
+# Nombre de workers (= nombre de cœurs pour les tests)
+workers = 2
+
+# Répertoire de travail
+daemon = off
+log-level = 1
+syslog = off