feat(dashboard): rebuild SOC dashboard + fix ClickHouse SQL

Complete rewrite of the SOC dashboard using FastAPI + Jinja2 + htmx + Chart.js + Tailwind CSS.
Replaces the old React/Vite frontend with server-rendered templates.

Dashboard pages:
- Overview: KPIs, timeline chart, threat distribution, top IPs
- Detections: paginated/filterable anomaly table
- Scores: ml_all_scores with AE error & XGB prob columns
- Traffic: HTTP logs with method/host filters
- IP Investigation: full deep-dive (scores, features, HTTP logs, classify)
- Classification: SOC feedback form + history
- Features: AI + thesis feature stats
- Models: scoring stats + model metadata

API: 9 JSON endpoints with parameterized queries, sort whitelists

SQL fixes:
- 05_aggregation_tables: add deduplicate_merge_projection_mode
- 11_views: fix nested aggregate (argMax inside sum)
- 12_thesis_features: remove invalid 'let' bindings, fix groupArrayIf type

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

services/dashboard/backend/config.py

@@ -1,31 +1,20 @@
-"""
-Configuration du Dashboard Bot Detector
-"""
-from pydantic_settings import BaseSettings
+import os
+import re
+
+CLICKHOUSE_HOST = os.getenv("CLICKHOUSE_HOST", "localhost")
+CLICKHOUSE_PORT = int(os.getenv("CLICKHOUSE_PORT", "8123"))
+CLICKHOUSE_USER = os.getenv("CLICKHOUSE_USER", "default")
+CLICKHOUSE_PASSWORD = os.getenv("CLICKHOUSE_PASSWORD", "")
+DB_PROCESSING = os.getenv("CLICKHOUSE_DB_PROCESSING", os.getenv("CLICKHOUSE_DB", "ja4_processing"))
+DB_LOGS = os.getenv("CLICKHOUSE_DB_LOGS", "ja4_logs")
+API_HOST = os.getenv("API_HOST", "0.0.0.0")
+API_PORT = int(os.getenv("API_PORT", "8000"))
+
+_SAFE_IDENT = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_]*$")
 
 
-class Settings(BaseSettings):
-    """Paramètres de configuration de l'application chargés depuis l'environnement."""
-    # ClickHouse
-    CLICKHOUSE_HOST: str = "clickhouse"
-    CLICKHOUSE_PORT: int = 8123
-    CLICKHOUSE_DB: str = "ja4_processing"  # default connection database
-    CLICKHOUSE_DB_LOGS: str = "ja4_logs"
-    CLICKHOUSE_DB_PROCESSING: str = "ja4_processing"
-    CLICKHOUSE_USER: str = "admin"
-    CLICKHOUSE_PASSWORD: str = ""
-
-    # API
-    API_HOST: str = "0.0.0.0"
-    API_PORT: int = 8000
-
-    # CORS
-    CORS_ORIGINS: list = ["http://localhost:3000", "http://127.0.0.1:3000"]
-
-    class Config:
-        """Configuration Pydantic pour le chargement du fichier .env."""
-        env_file = ".env"
-        case_sensitive = True
-
-
-settings = Settings()
+def safe_identifier(name: str) -> str:
+    """Validate that a string is a safe SQL identifier."""
+    if not _SAFE_IDENT.match(name):
+        raise ValueError(f"Unsafe identifier: {name!r}")
+    return name