feat: Admin Operations SIEM — alerts, notifications, pre-built rules

- Add pluggable notification system (webhook, Slack, Teams) with retry
- Add alert deduplication: same rule + actor within 15 min = one alert
- Add 10 pre-built admin-ops rule templates seeded on startup:
  - Failed Conditional Access, After-Hours Admin Activity
  - New Application Registration, Admin Role Assignment
  - License Change, Bulk User Deletion
  - Device Compliance Failure, Exchange Transport Rule Change
  - Service Principal Credential Added, External Sharing Enabled
- Add /api/alerts, /api/alerts/{id}/status, /api/alerts/summary endpoints
- Add alert dashboard to frontend with status filters and ack/resolve buttons
- Add alert summary badge in hero header (high/medium/low counts)
- New env vars: ALERT_WEBHOOK_URL, ALERT_WEBHOOK_FORMAT, ALERT_DEDUPE_MINUTES
2026-04-22 14:12:36 +02:00
parent a220494bcf
commit e348881083
10 changed files with 680 additions and 2 deletions


@@ -63,6 +63,11 @@ class Settings(BaseSettings):
# UI defaults
DEFAULT_PAGE_SIZE: int = 24
# Alert notifications
ALERT_WEBHOOK_URL: str = ""
ALERT_WEBHOOK_FORMAT: str = "generic" # generic | slack | teams
ALERT_DEDUPE_MINUTES: int = 15
_settings = Settings()
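Review bot: ALERT_WEBHOOK_FORMAT is declared as a plain `str` although its comment lists only three valid values (`generic | slack | teams`), so a typo in the environment is accepted at startup and only shows up when a notification is built. Typing it as `Literal["generic", "slack", "teams"]` lets the settings class reject a bad value on load. In the same block, ALERT_DEDUPE_MINUTES has no lower bound, so 0 or a negative number passes validation; given the commit message defines deduplication as a 15 minute window, a constraint such as `Field(15, ge=1)` would keep a misconfiguration from silently turning deduplication off. ALERT_WEBHOOK_URL could also be held as `SecretStr`, since Slack and Teams incoming webhook URLs act as credentials.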
@@ -104,3 +109,7 @@ PRIVACY_SERVICE_ROLES = {r.strip() for r in _settings.PRIVACY_SERVICE_ROLES.spli
REDIS_URL = _settings.REDIS_URL
DEFAULT_PAGE_SIZE = _settings.DEFAULT_PAGE_SIZE
ALERT_WEBHOOK_URL = _settings.ALERT_WEBHOOK_URL
ALERT_WEBHOOK_FORMAT = _settings.ALERT_WEBHOOK_FORMAT
ALERT_DEDUPE_MINUTES = _settings.ALERT_DEDUPE_MINUTES
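Review bot: ALERT_WEBHOOK_URL is re-exported here as a bare module constant with no documentation of what the empty-string default means or how the value should be handled. Please add a comment stating that `""` disables notifications, and that the URL must not be logged or returned by any settings or debug endpoint, because anyone who obtains a Slack or Teams webhook URL can post to that channel. It would also help to check once, at this point, that a non-empty value starts with `https://`, so alert payloads carrying actor and rule details are not sent in clear text.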