Fix NET-TIMEOUT issues and improve QA check for false positives

lib/threat-intelligence.sh:
- Add --max-time 10 to AbuseIPDB API curl call (line 47)

tools/update-attack-signatures.sh:
- Add --timeout=60 to ET Open rules download wget (line 68)

tools/toolkit-qa-check.sh:
- Improve NET-TIMEOUT detection to exclude false positives:
  * Skip comment lines
  * Skip echo/string statements
  * Skip variable assignments with pipes
  * Only flag actual network calls without timeouts

This reduces false positive NET-TIMEOUT detections from 10 to 2.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
cschantz
2026-02-10 22:34:45 -05:00
parent 73c0aef701
commit 31306a520f
3 changed files with 14 additions and 11 deletions
+1 -1
@@ -44,7 +44,7 @@ check_abuseipdb() {
local api_key=$(cat "$api_key_file")
# Query AbuseIPDB API
local response=$(curl -s -G https://api.abuseipdb.com/api/v2/check \
local response=$(curl -s -G --max-time 10 https://api.abuseipdb.com/api/v2/check \
--data-urlencode "ipAddress=$ip" \
-d maxAgeInDays=90 \
-H "Key: $api_key" \
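Review bot: On the changed `local response=$(curl -s -G --max-time 10 ...` line, a timeout is now possible but cannot be detected. curl exits with status 28 when `--max-time` expires, yet `local response=$(...)` returns the status of `local` rather than of curl, and `-s` suppresses the error message, so a timed-out lookup looks the same as an empty reply. Declare `local response` on its own line, assign on the next, and check the exit status so `check_abuseipdb` can report "lookup failed" instead of treating the IP as having no reputation data. Adding `-S` alongside `-s` would keep the error text, and a shorter `--connect-timeout` would bound the connect phase separately from the 10 second total.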