REFACTOR: IMPLEMENT SECURE QUERY BUILDER FOR JSON-BASED RULES

[somethingwithproof]

SUMMARY
The current Syslog alert and removal rule engine supports an 'sql' type that allows administrators to input raw SQL fragments directly into a text box. These fragments are stored in syslog_alert.message or syslog_remove.message and later concatenated into poller queries within functions.php (e.g., syslog_get_alert_sql, syslog_remove_items).

Existing pattern:

1. Fetch rule from DB.
2. If type is 'sql', directly embed message string into a WHERE clause.
3. Execute via syslog_db_fetch_assoc or syslog_db_execute.

WHY REFACTOR
The existing design creates a significant second-order SQL injection risk. While the input is restricted to administrators, any compromise of an admin account or accidental entry of malformed SQL can lead to database exposure or poller failure. Furthermore, it prevents full parameterization of the core processing loop.

PROPOSED CHANGE
Introduce a namespaced QueryBuilder engine (Cacti\Syslog\QueryBuilder) that:

1. Accepts a structured JSON payload representing filtering logic (field, operator, value).
2. Validates fields against a strict allow-list.
3. Generates a fully parameterized SQL string and a corresponding array of bound parameters.
4. Provides a deprecated fallback for legacy raw SQL rules to ensure a migration path.

SCOPE

• Implementation of src/QueryBuilder.php.
• Integration into functions.php for alert and removal processing.
• Addition of unit tests in tests/Unit/QueryBuilderTest.php using Pest.
• Behavior-preserving for legacy rules while enabling secure JSON-based rules.