feat: initial InformatiQ Toolkit plugin

Merges informatiq-wp-secure + informatiq-utils + HoneypotFields into
a single unified plugin with the following improvements:

- Fixed deactivation bug: all protection methods now guard themselves
  with their own option check so toggling off via AJAX takes effect
  immediately without any hook re-registration.
- Added rate-limiting for good/legitimate bots (Googlebot, Bingbot,
  DuckDuckBot, Yandex, etc.) via transient sliding-window counters;
  configurable per-bot limits in goodbots.conf (BotName|req/min);
  returns HTTP 429 with Retry-After: 60 when over limit.
- Unified MySQL-backed logging (itk_bot_log + itk_honeypot_log tables)
  replaces the old wp_options-based 100-entry cap.
- New Dashboard tab with terminal-style bot activity monitor: total
  blocked, today's count, rate-limited hits, top threat sources
  (bar chart), top IPs, top honeypot form types, active-module
  status panel.
- All optimizations from utils.php merged into Optimization tab as
  toggleable settings (was always-on before).
- Single admin page (Settings → InformatiQ Toolkit) with 8 tabs:
  Dashboard | Bot Blocker | Protection | Optimization | Honeypot |
  Bot Logs | Honeypot Logs | Config Files.
- Config file editor for badbots.conf, goodbots.conf, referrers.conf,
  networks.conf, allowed-ips.conf with AJAX save and transient flush.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

config/payloads.conf

@@ -0,0 +1,66 @@
+# Known attack payload regex patterns
+# One pattern per line, these are checked against request parameters and user input
+# Lines starting with # are comments
+
+# XSS attack patterns
+# Pattern for alert/prompt/confirm execution
+/(?:<|%3C|&lt;)(?:script|iframe|svg|img|a).*?(?:alert|prompt|confirm|eval)\s*\(.*?\)/i
+# Pattern for script injection
+/(?:<|%3C|&lt;)script.*?(?:>|%3E|&gt;)/i
+# Pattern for event handlers like onerror, onload, etc.
+/\bon(?:error|load|click|mouseover|focus|blur)\s*=\s*["']?(?:alert|prompt|confirm|eval)/i
+# Pattern for javascript: protocol
+/javascript\s*:\s*(?:alert|prompt|confirm|eval)/i
+# Pattern for data URI scheme with script
+/data\s*:\s*(?:text|application)\/(?:javascript|html).*?base64/i
+
+# SQL Injection patterns
+# Pattern for basic SQL injection attempts
+/(?:'\s*OR\s*'[\w\d]+'?\s*=\s*'[\w\d]+)|(?:"\s*OR\s*"[\w\d]+"?\s*=\s*"[\w\d]+")/i
+# Pattern for SQL comments
+/(?:--|#|\/\*)[^\w\d]*(?:union|select|insert|update|delete|drop|alter)/i
+# Pattern for UNION SELECT attempts
+/union\s+(?:all\s+)?select/i
+# Pattern for SQL batch commands
+/;\s*(?:drop|alter|create|truncate|rename|insert|update|delete)/i
+
+# Remote file inclusion patterns
+# Pattern for external URL inclusion
+/(?:https?|ftp|php|data|file):\/\/[^\s\n"')>]+/i
+# Pattern for directory traversal
+/(?:\.\.\/|\.\.\\|\.\.\%2f|\.\.\%5c)[^\s\n"')>]+/i
+# Pattern for PHP wrapper usage
+/php:\/\/(?:filter|input|memory|output|temp)/i
+
+# Command injection patterns
+# Pattern for shell command execution
+/[;&|`]\s*(?:ls|cat|cd|pwd|echo|rm|cp|mv|sudo|chmod|chown|wget|curl)/i
+# Pattern for command substitution
+/\$\([^\)]*\)|`[^`]*`/i
+# Pattern for direct system command injection
+/system\s*\(|exec\s*\(|shell_exec\s*\(|passthru\s*\(|eval\s*\(/i
+
+# Local file inclusion patterns
+# Pattern for path traversal
+/(?:\/|\\|\.\.|%2f|%5c)(?:etc|bin|usr|home|var|root|windows|system32)/i
+# Pattern for sensitive file access
+/(?:\/|\\|\.\.|%2f|%5c)(?:passwd|shadow|hosts|config|wp-config|web\.config)/i
+
+# XML/XXE injection patterns
+/<!(?:DOCTYPE|ENTITY)[\s\S]*?(?:SYSTEM|PUBLIC)[\s\S]*?["']/i
+
+# CSRF token extraction
+/(?:csrf|xsrf|token|auth)["']?\s*[:=]\s*["']?[a-zA-Z0-9_-]+/i
+
+# Serialization attacks
+/[ORCo]:[0-9]+:/i
+
+# General suspicious patterns
+# Pattern for base64 encoded payloads
+/(?:[A-Za-z0-9+\/]{20,}={0,2})/
+# Pattern for hex encoded payloads
+/(?:0x[A-Fa-f0-9]{10,})/
+# Pattern for URL encoded characters sequence
+/(?:%[0-9A-Fa-f]{2}){8,}/
+# Pattern for large number of special characters
+/[!@#$%^&*()_+\-=\[\]{}|;':",./<>?]{10,}/