feat(correlation): add include_dest_ports filter + README/arch update (v1.1.12)

- feat: new config directive include_dest_ports ([]int) in correlation section
- feat: if non-empty, only events with a matching dst_port are correlated
- feat: filtered events are silently ignored (not correlated, not emitted as orphan)
- feat: new metric failed_dest_port_filtered tracked in ProcessEvent
- feat: DEBUG log 'event excluded by dest port filter: source=A dst_port=22'
- test: TestCorrelationService_IncludeDestPorts_AllowedPort
- test: TestCorrelationService_IncludeDestPorts_FilteredPort
- test: TestCorrelationService_IncludeDestPorts_EmptyAllowsAll
- docs(readme): full rewrite to match current code (v1.1.12)
- docs(readme): add include_dest_ports section, fix version refs, clean outdated sections
- docs(arch): add dest_port_filtering section, failed_dest_port_filtered metric, debug log example
- fix(config.example): remove obsolete stdout.level field
- chore: bump version to 1.1.12

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

config.example.yml

@@ -36,7 +36,6 @@ outputs:
 
   stdout:
     enabled: false
-    level: INFO  # DEBUG: all logs including orphans, INFO: only correlated, WARN: correlated only, ERROR: none
 
 correlation:
   # Time window for correlation (A and B must be within this window)
@@ -74,6 +73,16 @@ correlation:
     - 172.16.0.0/12        # CIDR range (private network)
     - 10.10.10.0/24        # Another CIDR range
 
+  # Restrict correlation to specific destination ports (optional)
+  # If non-empty, only events whose dst_port matches one of these values will be correlated
+  # Events on other ports are silently ignored (not correlated, not emitted as orphans)
+  # Useful to focus on HTTP/HTTPS traffic only and ignore unrelated connections
+  # include_dest_ports:
+  #   - 80    # HTTP
+  #   - 443   # HTTPS
+  #   - 8080  # HTTP alt
+  #   - 8443  # HTTPS alt
+
 # Metrics server configuration (optional, for debugging/monitoring)
 metrics:
   enabled: false