release: version 1.0.2 - Audit security fixes and RPM packaging

Security hardening:
- Add input sanitization for method (32), path (2048), host (256), http_version (16)
- Prevent log injection via oversized HTTP values
- Add LOG_THROTTLED macro for consistent error reporting
- Improve socket state double-check pattern to avoid unnecessary reconnects

Code quality:
- Fix const qualifier warnings in get_header()
- Add flags field to module definition
- Add -Wno-error=format-security for compatibility

Documentation:
- Clarify timestamp precision (microseconds expressed as nanoseconds)
- Update README and architecture.yml

Testing:
- Add 4 unit tests for input sanitization
- All 78 tests passing

Packaging:
- Remove DEB package support (RPM only: el8, el9, el10)
- Add CHANGELOG file included in RPM packages
- Bump version to 1.0.2

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Jacquin Antoine
2026-02-28 21:45:06 +01:00
parent d0ca0a7e4c
commit c2e1221e5a
8 changed files with 223 additions and 140 deletions

@ -118,7 +118,7 @@ Each log entry is a single-line JSON object with a flat structure:
| Field | Type | Description |
|-------|------|-------------|
| `time` | String | ISO8601 timestamp with timezone |
| `timestamp` | Integer | Nanoseconds since epoch |
| `timestamp` | Integer | Microseconds since epoch (expressed as nanoseconds for compatibility) |
| `src_ip` | String | Client IP address |
| `src_port` | Integer | Client port |
| `dst_ip` | String | Server IP address |
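Review bot: The new `timestamp` description leads with the wrong unit. By its own wording the integer is expressed in nanoseconds and only the resolution is microseconds, so "Microseconds since epoch (expressed as nanoseconds for compatibility)" invites a consumer to scale the value by 10^6 instead of 10^9 when correlating with other log sources. Suggest wording the cell as `Nanoseconds since epoch (microsecond resolution)` so the unit comes first and the precision caveat second.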
@ -129,7 +129,7 @@ Each log entry is a single-line JSON object with a flat structure:
| `http_version` | String | HTTP protocol version |
| `header_<Name>` | String | Flattened HTTP headers (e.g., `header_X-Request-Id`) |
**Note:** Headers are logged as flat fields at the root level (not nested). Sensitive headers are automatically excluded.
**Note:** Headers are logged as flat fields at the root level (not nested). Sensitive headers are automatically excluded. The `timestamp` field has microsecond precision (APR's `apr_time_now()` returns microseconds, multiplied by 1000 for nanosecond representation).
## Unix Socket Consumer
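Review bot: The `http_version` row in this hunk still documents the field as a plain String, while the commit message introduces a 16-character limit for it (and limits of 32, 2048 and 256 for method, path and host). Consumers parsing these logs need to know that a value may have been shortened, so please state the limit in the field table and say whether an oversized value is truncated or the entry is dropped. Separately, the timestamp precision sentence is appended to a note about headers; it would be easier to find as its own `**Note:**` line.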