feat(export): add slack, pagerduty, and discord webhook sinks

[abhinavuser]

fixes #29

added built-in webhook sinks for kerno doctor findings. wired up the --sink, --severity-floor, and --sink-dedupe flags.
what's included:

• Sink interface with exponential backoff retries on 5xx errors
• in-memory deduplicator to prevent flapping rules from spamming on-call
• slack integration using block kit format for clean readability
• pagerduty integration via events api v2. handles trigger events and automatically sends a resolve event when a finding clears in continuous mode
• discord integration utilizing discord's native slack-compat url suffix
• kerno_sinks_deduped_total and kerno_sinks_failed_total metrics
• full test suite using httptest.Server
  all env vars like KERNO_SLACK_WEBHOOK_URL are expanded automatically if passed as flag values to keep shell history clean.

Signed-off-by: abhinavuser abhinavkumarv2101@gmail.com

[github-actions]

🚀 First PR — welcome aboard!

A few things to expect:

1. CI: every PR runs build + race tests + lint + (eventually) the kernel matrix. If something fails, the log will tell you exactly which gate.
2. DCO: every commit needs Signed-off-by: — git commit -s adds it automatically.
3. Conventional Commits: PR titles like feat(doctor): add new rule or fix(bpf): handle X. We squash-merge by default.
4. Review: a maintainer will review within 72 hours. Suggestions are conversations, not orders — push back if something doesn't fit your context.

If you get stuck, reply here or jump to Discussions. We want this PR to land.

[btwshivam]

dont spam. first get your past pRs merged

[btwshivam]

fix conflict and rebase with main.. then ill review tag me

[abhinavuser]

hey @btwshivam i was waitin for my first pr to get merged thats why the delay but now the rebase is done and the merge conflict in internal/cli/doctor.go is resolved
i also noticed and fixed a small unused import/missing io package issue in sink.go that is causing the CI linter to fail early
ready for your review when you have a chance

[btwshivam]

solid sink package: raw net/http with per-client timeouts, sinks run after render and failures are logged not fatal, dedupe and pagerduty state are both mutex-guarded, and no webhook urls get logged. two notes, neither blocking.

[btwshivam]

sinks send synchronously and sequentially here. each Send can take ~30s on a dead endpoint (10s client timeout times up to 3 retries plus backoff), so three unreachable sinks hang the command ~90s after the report already printed, and in continuous mode it stalls the next cycle. rendering first and treating failures as non-fatal is right, but dispatch each sink in its own goroutine (a sync.WaitGroup, the per-request timeouts already bound each one) so one slow webhook doesn't block the others or the cli.

[btwshivam]

--dry-run-sinks help says print payloads instead of sending, but the dry-run branches only log the finding count (dry-run sink ... findings=N), not the actual slack/pagerduty/discord json. debugging a block-kit or events-api-v2 payload is exactly when you'd want to see the body. either render the payload each sink would send, or change the help text to match what it does.