feat: multi-distro VM tests, ja4ebpf eBPF improvements, bot-detector scoring

ja4ebpf:
- Refactor BPF TC capture with improved SYN offset handling and TCP option parsing
- Enhance TLS uprobe SSL hooking for better key extraction
- Add ClickHouse writer improvements for HTTP log materialized views
- Update RPM spec for Rocky Linux 8/9/10, fix systemd service
- Simplify loader with cleaner bpf2go integration

bot-detector:
- Add H2 SETTINGS per-parameter comparison in browser_matcher
- Enhance browser signatures and scoring pipeline
- Improve preprocessing and cycle detection

infra:
- Multi-distro Vagrantfile (centos8, rocky9, rocky10) with per-distro provisioning
- New Makefile targets: vm-up-all, test-vm-matrix, test-vm-centos8/rocky10
- Add debug helpers and run-test-from-host.sh for host-driven VM testing
- Update run-tests-vm.sh for cross-distro compatibility
- Remove accidental binary blob (\004)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

tests/vm/Vagrantfile

@@ -1,7 +1,12 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # =============================================================================
-# Vagrantfile — VM de test ja4ebpf sur Rocky Linux 9
+# Vagrantfile — VMs de test ja4ebpf multi-distro
+#
+# 3 VMs pour les tests unitaires eBPF sur kernel réel :
+#   - centos8    : CentOS 8 (el8)
+#   - rocky9     : Rocky Linux 9 (el9)
+#   - rocky10    : Rocky Linux 10 (el10)
 #
 # Fournit un environnement kernel complet pour les tests eBPF :
 #   - tracefs / debugfs montés
@@ -14,47 +19,69 @@
 #   sudo usermod -aG libvirt,kvm $USER  # puis se reconnecter
 #
 # Utilisation :
-#   vagrant up             # créer + provisionner (~5 min)
-#   vagrant ssh            # connexion SSH
-#   make test-vm-nginx     # lancer les tests depuis le host
-#   vagrant destroy -f     # détruire la VM
+#   vagrant up                  # créer + provisionner toutes les VMs
+#   vagrant up rocky9           # créer une seule VM
+#   vagrant ssh rocky9          # connexion SSH
+#   make test-vm-nginx          # test nginx sur Rocky 9 (défaut)
+#   make test-vm-all            # tous les tests sur Rocky 9
+#   ./tests/vm/run-all-vms.sh  # tests sur les 3 VMs
+#   vagrant destroy -f          # détruire toutes les VMs
 # =============================================================================
 
 Vagrant.configure("2") do |config|
 
-  # ── Box Rocky Linux 9 avec provider libvirt (image qcow2) ─────────────────
-  config.vm.box = "generic/rocky9"
-
-  # ── Désactiver synced_folder par défaut (utiliser rsync explicitement) ─────
+  # ── Désactiver synced_folder par défaut ─────────────────────────────────────
   config.vm.synced_folder ".", "/vagrant", disabled: true
 
-  # ── Provider libvirt ───────────────────────────────────────────────────────
+  # ── Provider libvirt commun ─────────────────────────────────────────────────
   config.vm.provider :libvirt do |v|
     v.cpus       = 4
     v.memory     = 4096
     v.nested     = false
-    v.cpu_mode   = "host-passthrough"   # expose les capacités CPU hôte → KVM perf
+    v.cpu_mode   = "host-passthrough"
     v.driver     = "kvm"
     v.disk_bus   = "virtio"
     v.nic_model_type = "virtio"
   end
 
-  # ── Synchronisation du projet via rsync ────────────────────────────────────
+  # ── Synchronisation du projet via rsync ─────────────────────────────────────
   config.vm.synced_folder "../..", "/ja4-platform",
     type: "rsync",
     rsync__exclude: [".git/", "old/", "*.rpm", "dist/"]
 
-  # ── Provisioning ───────────────────────────────────────────────────────────
-  config.vm.provision "shell", path: "provision.sh"
+  # ═══════════════════════════════════════════════════════════════════════════
+  # VM 1 : CentOS 8 (el8)
+  # ═══════════════════════════════════════════════════════════════════════════
+  config.vm.define "centos8", autostart: false do |node|
+    node.vm.box = "centos/8"
+    node.vm.provision "shell", path: "provision-el8.sh"
+    node.vm.post_up_message = "VM centos8 prête ! Tests : make test-vm-centos8"
+  end
 
-  # ── Message post-démarrage ─────────────────────────────────────────────────
-  config.vm.post_up_message = <<~MSG
-    VM ja4ebpf prête !
+  # ═══════════════════════════════════════════════════════════════════════════
+  # VM 2 : Rocky Linux 9 (el9) — VM par défaut
+  # ═══════════════════════════════════════════════════════════════════════════
+  config.vm.define "rocky9", primary: true do |node|
+    node.vm.box = "generic/rocky9"
+    node.vm.provision "shell", path: "provision.sh"
+    node.vm.post_up_message = <<~MSG
+      VM rocky9 prête !
+
+      Depuis la racine du projet :
+        make vm-ssh               # connexion interactive
+        make test-vm-nginx        # test nginx complet (L3/L4 + TLS + L7)
+        make test-vm-all          # tous les tests
+        make vm-rebuild-ja4ebpf   # resynchroniser + recompiler après modif
+    MSG
+  end
+
+  # ═══════════════════════════════════════════════════════════════════════════
+  # VM 3 : Rocky Linux 10 (el10)
+  # ═══════════════════════════════════════════════════════════════════════════
+  config.vm.define "rocky10", autostart: false do |node|
+    node.vm.box = "almalinux/10"
+    node.vm.provision "shell", path: "provision.sh"
+    node.vm.post_up_message = "VM rocky10 prête ! Tests : make test-vm-rocky10"
+  end
 
-    Depuis la racine du projet :
-      make vm-ssh               # connexion interactive
-      make test-vm-nginx        # test nginx complet (L3/L4 + TLS + L7)
-      make test-vm-all          # tous les tests
-      make vm-rebuild-ja4ebpf   # resynchroniser + recompiler après modif
-  MSG
 end