refactor: replace hardcoded mabase_prod DB prefix with configurable settings

Replace all hardcoded 'mabase_prod.' table prefixes in dashboard route
SQL queries with configurable database names from settings:

- http_logs, http_logs_raw → settings.CLICKHOUSE_DB_LOGS
- All other tables → settings.CLICKHOUSE_DB_PROCESSING

Also qualify previously unqualified table references (bare FROM/JOIN
table_name) with the appropriate database prefix for consistency.

Each route file now imports 'from ..config import settings' and uses
f-strings with {settings.CLICKHOUSE_DB_PROCESSING} or
{settings.CLICKHOUSE_DB_LOGS} for database-qualified table names.

Files updated: analysis, attributes, audit, botnets, bruteforce,
clustering, detections, entities, fingerprints, header_fingerprint,
heatmap, incidents, investigation_summary, metrics, ml_features,
rotation, search, tcp_spoofing, variability (19 files).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

services/dashboard/backend/routes/header_fingerprint.py

@@ -4,6 +4,7 @@ Endpoints pour l'analyse des empreintes d'en-têtes HTTP
 from fastapi import APIRouter, HTTPException, Query
 
 from ..database import db
+from ..config import settings
 
 router = APIRouter(prefix="/api/headers", tags=["header_fingerprint"])
 
@@ -12,7 +13,7 @@ router = APIRouter(prefix="/api/headers", tags=["header_fingerprint"])
 async def get_header_clusters(limit: int = Query(50, ge=1, le=200)):
     """Clusters d'empreintes d'en-têtes groupés par header_order_hash."""
     try:
-        sql = """
+        sql = f"""
         SELECT
             header_order_hash                                                       AS hash,
             uniq(replaceRegexpAll(toString(src_ip), '^::ffff:', ''))               AS unique_ips,
@@ -22,16 +23,16 @@ async def get_header_clusters(limit: int = Query(50, ge=1, le=200)):
             groupArray(5)(sec_fetch_mode)                                           AS top_sec_fetch_modes,
             round(sum(has_cookie) * 100.0 / count(), 2)                            AS has_cookie_pct,
             round(sum(has_referer) * 100.0 / count(), 2)                           AS has_referer_pct
-        FROM mabase_prod.agg_header_fingerprint_1h
+        FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_header_fingerprint_1h
         GROUP BY header_order_hash
         ORDER BY unique_ips DESC
         LIMIT %(limit)s
         """
         result = db.query(sql, {"limit": limit})
 
-        total_sql = """
+        total_sql = f"""
         SELECT uniq(header_order_hash)
-        FROM mabase_prod.agg_header_fingerprint_1h
+        FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_header_fingerprint_1h
         """
         total_clusters = int(db.query(total_sql).result_rows[0][0])
 
@@ -73,14 +74,14 @@ async def get_header_clusters(limit: int = Query(50, ge=1, le=200)):
 async def get_cluster_ips(hash: str, limit: int = Query(50, ge=1, le=500)):
     """Liste des IPs appartenant à un cluster d'en-têtes donné."""
     try:
-        sql = """
+        sql = f"""
         SELECT
             replaceRegexpAll(toString(src_ip), '^::ffff:', '') AS ip,
             any(modern_browser_score)                          AS browser_score,
             any(ua_ch_mismatch)                                AS ua_ch_mismatch,
             any(sec_fetch_mode)                                AS sec_fetch_mode,
             any(sec_fetch_dest)                                AS sec_fetch_dest
-        FROM mabase_prod.agg_header_fingerprint_1h
+        FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_header_fingerprint_1h
         WHERE header_order_hash = %(hash)s
         GROUP BY src_ip
         ORDER BY browser_score DESC