feat: configurable k8s resources, CSIC training pipeline, unified Dockerfile

- Make K8s namespace, TLS secret, and config ConfigMap names configurable
  via [kubernetes] config section (previously hardcoded to "ingress")
- Add CSIC 2010 dataset converter and auto-download for scanner training
- Unify Dockerfile for local and production builds (remove cross-compile path)
- Bake ML models directory into container image
- Update CSIC dataset URL to self-hosted mirror (src.sunbeam.pt)
- Fix rate_limit pipeline log missing fields
- Consolidate docs/README.md into root README.md

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>

src/ddos/features.rs

@@ -70,6 +70,10 @@ impl IpState {
         self.events.len()
     }
 
+    pub fn is_empty(&self) -> bool {
+        self.events.is_empty()
+    }
+
     /// Prune events older than `window` from the logical view.
     /// Returns a slice of active events (not necessarily contiguous in ring buffer,
     /// so we collect into a Vec).
@@ -274,6 +278,12 @@ pub struct LogIpState {
     pub suspicious_paths: Vec<bool>,
 }
 
+impl Default for LogIpState {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
 impl LogIpState {
     pub fn new() -> Self {
         Self {