feat: integrate Coraza WAF with full UI and event logging

- Add coraza-caddy/v2 to Caddy Docker build
- Add waf_events + waf_log_parse_state DB tables (migration 0010)
- Add WafSettings type and get/save functions to settings
- Add WafHostConfig/WafMode types to proxy-hosts model
- Add resolveEffectiveWaf + buildWafHandler to caddy config generation
- Create waf-log-parser.ts: parse Coraza JSON audit log → waf_events
- Add WafFields.tsx per-host WAF UI (accordion, mode, CRS, directives)
- Add global WAF settings card to SettingsClient
- Add WAF Events dashboard page with search, pagination, severity chips
- Add WAF Events nav link to sidebar

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/lib/db/schema.ts

@@ -212,3 +212,29 @@ export const logParseState = sqliteTable('log_parse_state', {
   key: text('key').primaryKey(),
   value: text('value').notNull(),
 });
+
+export const wafEvents = sqliteTable(
+  'waf_events',
+  {
+    id: integer('id').primaryKey({ autoIncrement: true }),
+    ts: integer('ts').notNull(),
+    host: text('host').notNull().default(''),
+    clientIp: text('client_ip').notNull(),
+    countryCode: text('country_code'),
+    method: text('method').notNull().default(''),
+    uri: text('uri').notNull().default(''),
+    ruleId: integer('rule_id'),
+    ruleMessage: text('rule_message'),
+    severity: text('severity'),
+    rawData: text('raw_data'),
+  },
+  (table) => ({
+    tsIdx: index('idx_waf_events_ts').on(table.ts),
+    hostTsIdx: index('idx_waf_events_host_ts').on(table.host, table.ts),
+  })
+);
+
+export const wafLogParseState = sqliteTable('waf_log_parse_state', {
+  key: text('key').primaryKey(),
+  value: text('value').notNull(),
+});