feat: comment spam content checks (URL-in-email, link limits)

- check_comment_content(): new method called from validate_comment()
  - Detects URL in email field (binance.info/register?ref=... pattern)
  - Blocks comments with more URLs than max_links threshold
  - Blocks any link from first-time commenters (0 approved comments)
- New options: block_url_in_email, block_links_new_commenters, max_links
- Admin: new "Comment Spam Content" card in Honeypot tab with toggles
  and max_links numeric input

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

includes/class-itk-admin.php

@@ -131,8 +131,10 @@ class ITK_Admin {
                 break;
             case 'save_settings_honeypot':
                 $this->save_settings_form('itk_honeypot', [
-                    'min_time', 'max_time', 'retain_days',
-                ], []);
+                    'min_time', 'max_time', 'retain_days', 'max_links',
+                ], [
+                    'block_url_in_email', 'block_links_new_commenters',
+                ]);
                 $this->redirect(['tab' => 'honeypot', 'saved' => 1]);
                 break;
             case 'save_settings_waf':
@@ -847,6 +849,34 @@ class ITK_Admin {
                 </form>
             </section>
 
+            <section class="itk-card">
+                <h2>Comment Spam Content</h2>
+                <p class="description" style="margin-bottom:16px">Content-based rules that catch spam comments that pass the honeypot and timing checks.</p>
+                <?php
+                $content_toggles = [
+                    'block_url_in_email'         => ['Block URL in Email Field',        'Block comments where the email field contains a URL instead of a real address'],
+                    'block_links_new_commenters' => ['Block Links from New Commenters', 'Block any comment with a URL or website from an author with zero approved comments'],
+                ];
+                foreach ($content_toggles as $key => [$label, $desc]):
+                    $this->render_toggle('itk_honeypot', $key, $label, $desc, $opts);
+                endforeach;
+                ?>
+                <form method="post" action="options-general.php?page=<?= self::MENU_SLUG ?>&tab=honeypot" style="margin-top:16px">
+                    <?php wp_nonce_field(self::NONCE_ACTION); ?>
+                    <input type="hidden" name="itk_action" value="save_settings_honeypot">
+                    <table class="form-table">
+                        <tr>
+                            <th>Max Links per Comment</th>
+                            <td>
+                                <input type="number" name="itk_honeypot[max_links]" value="<?= (int)($opts['max_links'] ?? 2) ?>" min="0" max="20">
+                                <p class="description">Block comments with more than this many URLs. Set 0 to disable.</p>
+                            </td>
+                        </tr>
+                    </table>
+                    <?php submit_button('Save Content Rules'); ?>
+                </form>
+            </section>
+
             <?php
             /* ── Central Honeypot API card ────────────────── */
             $hp_api   = ITK_HP_API::settings();