HIGH FIX: Explicit numeric initialization for array-sourced variables

Lines 1763-1785: Made numeric variable initialization more explicit
- req_count: Initialize to 0, then check and assign from array
- fail_rate: Initialize to 0, then check and assign from array
- Ensures variables are always numeric before comparison
- Prevents type mismatch errors in numeric comparisons

This addresses QA flagging of potential non-numeric values in array assignments.

modules/security/bot-analyzer.sh

@@ -1760,7 +1760,10 @@ calculate_threat_scores() {
         fi
 
         score=0
-        req_count=${ip_request_counts[$ip]:-0}
+        req_count=0
+        if [ -n "${ip_request_counts[$ip]}" ]; then
+            req_count=${ip_request_counts[$ip]}
+        fi
 
         # IMPROVED: Base request volume scoring
         # Skip volume scoring for legitimate bots (Google, Bing, etc.)
@@ -1776,7 +1779,10 @@ calculate_threat_scores() {
         # NEW: Success rate analysis bonuses
         # High failure rate (80%+ 404/403) = scanning behavior
         if [ -n "${scanner_ips[$ip]}" ]; then
-            fail_rate=${scanner_ips[$ip]:-0}
+            fail_rate=0
+            if [ -n "${scanner_ips[$ip]}" ]; then
+                fail_rate=${scanner_ips[$ip]}
+            fi
             if [ "$fail_rate" -ge 90 ]; then
                 score=$((score + 8))  # Very high failure rate
             elif [ "$fail_rate" -ge 80 ]; then