Add HAProxy tarpit escalation for exploit scanning protection
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s
Implement progressive tarpit delays and threat detection to slow down attackers scanning for exploits. Features include:

- Stick table to track attacks with 2-hour expiry
- Escalating tarpit delays based on threat level and repeat offenses
- Threat level detection (low/medium/high/critical) based on scan attempts
- Rate-based attack detection for burst/sustained/persistent attacks
- Automatic scan attempt tracking via HTTP error responses (400/401/403/404)
- Detection of suspicious paths (admin panels, config files, etc.)
- Trusted network bypass for local/monitoring systems
- Progressive escalation levels that increase tarpit duration
- Critical threat blocking with 429 status

The system uses HAProxy's built-in tarpit mechanism to delay responses up to 60 seconds for persistent attackers, effectively slowing down vulnerability scanners while maintaining service for legitimate users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@@ -45,5 +45,6 @@ defaults
|
||||
timeout server 10m
|
||||
timeout http-keep-alive 120s
|
||||
timeout check 10s
|
||||
timeout tarpit 60s # Maximum tarpit time for exploit scanners
|
||||
maxconn 3000
|
||||
|
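Review bot: `timeout tarpit 60s` is set in `defaults` right next to `maxconn 3000`, and each tarpitted request keeps its connection open for the whole timeout, so held connections count against that limit for up to a minute each. Under a wide or distributed scan the tarpit itself can use up the connection budget that legitimate clients need. Consider setting the value in the frontend that carries the tarpit rules instead of in `defaults`, using a shorter hold, and capping concurrent connections per source before the tarpit rule applies. The comment also reads "Maximum tarpit time", but `timeout tarpit` is the hold time applied to every tarpitted request in a proxy that inherits it; the escalation levels described in the commit message are not visible in this hunk, so it is worth stating here how they map onto this single value.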