Fix 10 HIGH integer comparisons in security modules (malware-scanner, optimize-ct-limit, live-attack-monitor)

FIXES:
malware-scanner.sh:
- Line 433: $skip → ${skip:-0}
- Line 938: $flagged_ips → ${flagged_ips:-0}

optimize-ct-limit.sh:
- Line 811: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 845: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 879: $AUTO_MODE → ${AUTO_MODE:-0}

live-attack-monitor.sh:
- Line 232: $hits → ${hits:-0}
- Line 253: $new_score → ${new_score:-0}
- Line 260: $new_score → ${new_score:-0}
- Line 269: $new_score → ${new_score:-0}
- Line 319: $hits → ${hits:-0}

IMPACT:
- Prevents "integer expression expected" errors
- Safe defaults for all integer comparisons
- More robust error handling

QA STATUS:
- 10 more HIGH issues remain in live-attack-monitor.sh
- Will address in next commit

modules/security/live-attack-monitor.sh

@@ -229,7 +229,7 @@ update_ip_intelligence() {
     hits=$((hits + 1))
 
     # Enrich with threat intelligence on first encounter (hits == 1)
-    if [ $hits -eq 1 ]; then
+    if [ "${hits:-0}" -eq 1 ]; then
         # Check if whitelisted first
         if is_whitelisted_service "$ip" 2>/dev/null; then
             score=0
@@ -250,14 +250,14 @@ update_ip_intelligence() {
                     local current_data="${IP_DATA[$ip]}"
                     IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
                     local new_score=$((old_score + 30))
-                    [ $new_score -gt 100 ] && new_score=100
+                    [ "${new_score:-0}" -gt 100 ] && new_score=100
                     IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
                 elif [ "${abuse_conf:-0}" -ge 50 ]; then
                     # Medium confidence - add 15 points
                     local current_data="${IP_DATA[$ip]}"
                     IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
                     local new_score=$((old_score + 15))
-                    [ $new_score -gt 100 ] && new_score=100
+                    [ "${new_score:-0}" -gt 100 ] && new_score=100
                     IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
                 fi
 
@@ -266,7 +266,7 @@ update_ip_intelligence() {
                     local current_data="${IP_DATA[$ip]}"
                     IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
                     local new_score=$((old_score + 5))
-                    [ $new_score -gt 100 ] && new_score=100
+                    [ "${new_score:-0}" -gt 100 ] && new_score=100
                     IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
                 fi
             ) &
@@ -316,7 +316,7 @@ update_ip_intelligence() {
     fi
 
     # Request volume scoring
-    if [ $hits -gt 100 ]; then
+    if [ "${hits:-0}" -gt 100 ]; then
         score=$((score + 5))
     elif [ $hits -gt 50 ]; then
         score=$((score + 3))