feat: add ja4ebpf service — eBPF-based TLS/TCP fingerprinting daemon

- TC ingress hook captures TCP SYN (L3/L4) and TLS ClientHello
- Uprobes on SSL_read/SSL_set_fd capture decrypted TLS data
- Kprobes on accept4 correlate socket FDs to client IP:port
- JA4 fingerprint computed from parsed TLS ClientHello
- HTTP/2 SETTINGS and WINDOW_UPDATE extracted from decrypted streams
- Session manager with sharded map (256 shards) and GC goroutine
- Slowloris detection: sessions with no requests after 10s threshold
- ClickHouse batch writer to ja4_logs.http_logs_raw (raw_json)
- All tests pass: 17 parser + 10 correlation tests

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

services/ja4ebpf/Makefile

@@ -0,0 +1,34 @@
+# =============================================================================
+# Makefile — Cibles de build, test et packaging pour ja4ebpf
+# =============================================================================
+
+BINARY    := ja4ebpf
+IMAGE     := ja4ebpf
+VERSION   ?= 0.1.0
+
+.PHONY: generate build test docker-build help
+
+## generate: Compile les sources eBPF C → Go via bpf2go (dans Docker)
+generate:
+	docker build --target go-builder \
+		--build-arg SKIP_BINARY=true \
+		-f Dockerfile \
+		-t $(IMAGE)-generated:$(VERSION) \
+		../../
+
+## build: Construit l'image Docker de production complète
+build:  ## Construit l'image Docker finale
+	docker build -t $(IMAGE):$(VERSION) -f Dockerfile ../../
+
+## test: Exécute les tests unitaires Go dans Docker
+test:
+	docker build -f Dockerfile.tests -t $(IMAGE)-tests:$(VERSION) ../../ && \
+	docker run --rm $(IMAGE)-tests:$(VERSION)
+
+## docker-build: Alias combiné generate + build
+docker-build: build
+
+## help: Affiche cette aide
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2}'