refactor: replace hardcoded mabase_prod DB prefix with configurable settings

Replace all hardcoded 'mabase_prod.' table prefixes in dashboard route
SQL queries with configurable database names from settings:

- http_logs, http_logs_raw → settings.CLICKHOUSE_DB_LOGS
- All other tables → settings.CLICKHOUSE_DB_PROCESSING

Also qualify previously unqualified table references (bare FROM/JOIN
table_name) with the appropriate database prefix for consistency.

Each route file now imports 'from ..config import settings' and uses
f-strings with {settings.CLICKHOUSE_DB_PROCESSING} or
{settings.CLICKHOUSE_DB_LOGS} for database-qualified table names.

Files updated: analysis, attributes, audit, botnets, bruteforce,
clustering, detections, entities, fingerprints, header_fingerprint,
heatmap, incidents, investigation_summary, metrics, ml_features,
rotation, search, tcp_spoofing, variability (19 files).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toto
2026-04-07 19:03:05 +02:00
parent dba2676fa7
commit b6391afbeb
19 changed files with 225 additions and 206 deletions


@ -4,6 +4,7 @@ Endpoints pour l'analyse des botnets via la propagation des fingerprints JA4
from fastapi import APIRouter, HTTPException, Query
from ..database import db
from ..config import settings
router = APIRouter(prefix="/api/botnets", tags=["botnets"])
@ -20,13 +21,13 @@ def _botnet_class(unique_countries: int) -> str:
async def get_ja4_spread():
"""Propagation des JA4 fingerprints à travers les pays et les IPs."""
try:
sql = """
sql = f"""
SELECT
ja4,
unique_ips,
unique_countries,
targeted_hosts
FROM mabase_prod.view_host_ja4_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.view_host_ja4_anomalies
ORDER BY unique_countries DESC
"""
result = db.query(sql)
@ -56,12 +57,12 @@ async def get_ja4_spread():
async def get_ja4_countries(ja4: str, limit: int = Query(30, ge=1, le=200)):
"""Top pays pour un JA4 donné depuis agg_host_ip_ja4_1h."""
try:
sql = """
sql = f"""
SELECT
src_country_code AS country_code,
uniq(replaceRegexpAll(toString(src_ip), '^::ffff:', '')) AS unique_ips,
sum(hits) AS hits
FROM mabase_prod.agg_host_ip_ja4_1h
FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_host_ip_ja4_1h
WHERE ja4 = %(ja4)s
GROUP BY src_country_code
ORDER BY unique_ips DESC
@ -85,13 +86,13 @@ async def get_ja4_countries(ja4: str, limit: int = Query(30, ge=1, le=200)):
async def get_botnets_summary():
"""Statistiques globales sur les botnets détectés."""
try:
sql = """
sql = f"""
SELECT
countIf(unique_countries > 100) AS total_global_botnets,
sumIf(unique_ips, unique_countries > 50) AS total_ips_in_botnets,
argMax(ja4, unique_countries) AS most_spread_ja4,
argMax(ja4, unique_ips) AS most_ips_ja4
FROM mabase_prod.view_host_ja4_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.view_host_ja4_anomalies
"""
result = db.query(sql)
row = result.result_rows[0]
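Review bot: The database name is now spliced into the SQL text unvalidated at the three `FROM {settings.CLICKHOUSE_DB_PROCESSING}.…` lines (get_ja4_spread, get_ja4_countries, get_botnets_summary), while values such as `%(ja4)s` remain bound parameters. Identifiers cannot be bound, so the setting should be checked once where it is loaded (the config module is not shown here, so this may already exist), for example `if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name): raise ValueError("invalid ClickHouse database name")`. Converting these strings to f-strings also means any literal `{` or `}` in a query must now be doubled; none appear in the visible queries. All three function bodies continue outside their hunks.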