feat(plugin): add VPN, NTP, syslog, and certificate inventory controls

[unclesp1d3r]

Summary

Add 4 additional inventory controls to the Firewall compliance plugin, extending the inventory system introduced in #510.

Context

PR #510 added the inventory control infrastructure (Type: "inventory", Configuration Notes rendering, compliance map exclusion) and shipped 2 initial controls (FIREWALL-062 DHCP Scope Inventory, FIREWALL-063 Active Interface Summary). These 4 controls complete the planned inventory set.

Proposed Controls

ID	Title	Data Source	Description
FIREWALL-064	VPN Tunnel Inventory	device.VPN.IPsec.Tunnels, device.VPN.OpenVPN.Servers/Clients	Reports active IPsec and OpenVPN tunnels
FIREWALL-065	NTP Server Configuration	device.System.TimeServers	Reports configured NTP time servers
FIREWALL-066	Remote Syslog Configuration	device.Syslog.RemoteServer*	Reports remote syslog server targets
FIREWALL-067	Certificate Inventory	device.Certificates, device.CAs	Reports configured certificates and CAs

Implementation Pattern

Follow the pattern established in checks_inventory.go:

• Check function returns checkResult{Result: true, Known: true} when data exists
• Finding uses Type: "inventory", Severity: "info"
• Control NOT registered in EvaluatedControlIDs
• Called from runInventoryChecks in RunChecks
• Dynamic description with counts/names

Files to Modify

• internal/plugins/firewall/controls.go — add 4 control definitions
• internal/plugins/firewall/checks_inventory.go — add check functions and description helpers
• internal/plugins/firewall/checks_inventory_test.go — add test coverage
• internal/plugins/firewall/firewall_test.go — update totalControls constant

References

• PR fix(audit): count info severity, add inventory controls, render Configuration Notes (#449) #510 — inventory control infrastructure
• Issue bug(audit): countSeverities silently drops "info" and unknown severity levels, causing per-plugin summary undercounting #449 — parent issue