feat: observability, IP filtering, stdout/clickhouse fixes (v1.1.11)

- feat(observability): metrics server with /metrics and /health endpoints
- feat(observability): correlation metrics (events, success/failed, reasons, buffers)
- feat(correlation): IP exclusion filter (exact IPs and CIDR ranges)
- feat(correlation): pending orphan delay for late-arriving B events
- fix(stdout): sink is now a no-op for data; JSON must never appear on stdout
- fix(clickhouse): all flush errors were silently discarded, now properly logged
- fix(clickhouse): buffer overflow with DropOnOverflow now logged at WARN
- fix(clickhouse): retry attempts logged at WARN with attempt/delay/error context
- feat(clickhouse): connection success logged at INFO, batch sends at DEBUG
- feat(clickhouse): SetLogger() for external logger injection
- test(stdout): assert stdout remains empty for correlated and orphan logs
- chore(rpm): bump version to 1.1.11, update changelog
- docs: README and architecture.yml updated

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

config.example.yml

@@ -65,3 +65,20 @@ correlation:
   ttl:
     network_ttl_s: 120
 
+  # Exclude specific source IPs or CIDR ranges from correlation
+  # Events from these IPs will be silently dropped (not correlated, not emitted)
+  # Useful for excluding health checks, internal traffic, or known bad actors
+  exclude_source_ips:
+    - 10.0.0.1             # Single IP
+    - 192.168.1.100        # Another single IP
+    - 172.16.0.0/12        # CIDR range (private network)
+    - 10.10.10.0/24        # Another CIDR range
+
+# Metrics server configuration (optional, for debugging/monitoring)
+metrics:
+  enabled: false
+  addr: ":8080"  # Address to listen on (e.g., ":8080", "localhost:8080")
+  # Endpoints:
+  #   GET /metrics - Returns correlation metrics as JSON
+  #   GET /health  - Health check endpoint
+