Fix 12 code review issues (4 MEDIUM + 8 LOW)

MEDIUM:
- M1: Whitelist direct IP/CIDR additions now persist to direct.txt
- M2: get_map_id() uses 5s TTL cache (single bpftool call for all maps)
- M3: IPv6 extension header parsing in xdp_ddos.c (hop-by-hop/routing/frag/dst)
- M4: Shell injection prevention - sanitize_input() + sys.argv[] for all Python calls

LOW:
- L1: Remove redundant self.running (uses _stop_event only)
- L2: Remove unused config values (rate_limit_after, cooldown_multiplier, retrain_interval)
- L3: Thread poll intervals reloaded on SIGHUP
- L4: batch_map_operation counts only successfully written entries
- L5: Clarify unique_ips_approx comment (per-packet counter)
- L6: Document LRU_HASH multi-CPU race condition as acceptable
- L7: Download Cloudflare IPv6 ranges in whitelist preset
- L8: Fix file handle leak in xdp_country.py list_countries()

Also: SIGHUP now preserves EWMA/violation state, daemon skips whitelisted
IPs in EWMA/AI escalation, deep copy for default config, IHL validation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kaffa
2026-02-07 09:23:41 +09:00
parent dbfcb62cdf
commit 667c6eac81
7 changed files with 218 additions and 67 deletions


@@ -35,7 +35,7 @@ PRESETS = {
}
def download_cloudflare():
"""Download Cloudflare IP ranges"""
"""Download Cloudflare IP ranges (IPv4 + IPv6)"""
cidrs = []
try:
req = urllib.request.Request(
@@ -43,10 +43,23 @@ def download_cloudflare():
headers={"User-Agent": "xdp-whitelist/1.0"}
)
with urllib.request.urlopen(req) as r:
cidrs.extend(r.read().decode().strip().split('\n'))
print(f" Downloaded {len(cidrs)} IPv4 ranges")
v4 = r.read().decode().strip().split('\n')
cidrs.extend(v4)
print(f" Downloaded {len(v4)} IPv4 ranges")
except Exception as e:
print(f" [WARN] Failed to download IPv4: {e}")
try:
req = urllib.request.Request(
PRESETS["cloudflare"]["v6"],
headers={"User-Agent": "xdp-whitelist/1.0"}
)
with urllib.request.urlopen(req) as r:
v6 = r.read().decode().strip().split('\n')
cidrs.extend(v6)
print(f" Downloaded {len(v6)} IPv6 ranges")
except Exception as e:
print(f" [WARN] Failed to download IPv6: {e}")
return cidrs
def download_aws():
@@ -103,7 +116,7 @@ def add_whitelist(name, cidrs=None):
if cidrs is None and wl_file.exists():
with open(wl_file) as f:
cidrs = [line.strip() for line in f if line.strip() and ':' not in line]
cidrs = [line.strip() for line in f if line.strip()]
if cidrs:
print(f"[INFO] Using cached {name} ({len(cidrs)} CIDRs)")
@@ -200,9 +213,15 @@ def list_whitelist():
for wl_file in sorted(files):
name = wl_file.stem
count = sum(1 for line in open(wl_file) if line.strip() and ':' not in line)
with open(wl_file) as f:
cidrs = [line.strip() for line in f if line.strip()]
v4_count = sum(1 for c in cidrs if ':' not in c)
v6_count = len(cidrs) - v4_count
desc = PRESETS.get(name, {}).get("desc", "Custom")
print(f" {name}: {count} CIDRs ({desc})")
if v6_count > 0:
print(f" {name}: {v4_count} v4 + {v6_count} v6 CIDRs ({desc})")
else:
print(f" {name}: {v4_count} CIDRs ({desc})")
def show_presets():
"""Show available presets"""
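Review bot: The `v4` and `v6` lists built right after each `urlopen` in download_cloudflare keep whatever the HTTP body contains, so an error page, a truncated body or a tampered response becomes whitelist entries that add_whitelist later persists and loads; an empty body even yields the entry `''`, because `''.split('\n')` is `['']`. Each line should be required to parse as a network before it is kept, which also drops stray `\r` from CRLF bodies; this needs `ipaddress` imported at the top of the file if it is not already (the hunks do not show the imports). The rewrite below adds a small `_is_cidr` helper and applies it to both assignments; the IPv4 branch begins in the preceding hunk, which holds the start of download_cloudflare.
```python
def _is_cidr(text):
    """Return True when *text* parses as an IPv4/IPv6 network (host bits allowed)."""
    try:
        ipaddress.ip_network(text, strict=False)
    except ValueError:
        return False
    return True

# … unchanged: download_cloudflare up to the IPv4 urlopen …
        with urllib.request.urlopen(req) as r:
            v4 = [c for c in r.read().decode().split() if _is_cidr(c)]
# … unchanged: IPv4 print/except, IPv6 Request …
        with urllib.request.urlopen(req) as r:
            v6 = [c for c in r.read().decode().split() if _is_cidr(c)]
# … unchanged: IPv6 print/except, return cidrs …
```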