fix: wire up missing Prometheus metrics

[bswinnerton]

Description

All 16 prefixd_* metrics referenced in the Grafana dashboards (prefixd-operations.json and prefixd-security.json) were defined and initialized in metrics.rs, but only 5 were instrumented at runtime. This pull request wires up the remaining 11:

• prefixd_events_ingested_total — after ban events are stored
• prefixd_events_rejected_total — on duplicate events and guardrail rejections
• prefixd_mitigations_created_total — on successful mitigation creation (event ingest + manual API)
• prefixd_mitigations_active — gauge updated each reconciliation cycle, grouped by action_type/pop
• prefixd_mitigations_withdrawn_total — on detector unban and operator withdrawal
• prefixd_mitigations_expired_total — in the reconciliation expire loop
• prefixd_announcements_total — on successful announce/withdraw BGP calls
• prefixd_announcements_latency_seconds — histogram around successful announce/withdraw calls
• prefixd_reconciliation_runs_total — after each reconciliation cycle with success/error label
• prefixd_bgp_session_up — polls session_status() each reconciliation cycle
• prefixd_guardrail_rejections_total — with Debug variant name as reason label

Type of Change

• Bug fix (non-breaking change that fixes an issue)

Checklist

• My code follows the project's coding style
• I have run cargo fmt and cargo clippy
• I have added tests that prove my fix/feature works
• All new and existing tests pass (cargo test)
• I have updated documentation as needed
• I have updated CHANGELOG.md (for user-facing changes)

Note: no new tests added — the codebase has no existing pattern for asserting on Prometheus metric values. The instrumented code paths are already covered by the existing integration test suite.

Testing

• cargo fmt --check — passes
• cargo clippy -- -D warnings — passes
• cargo test — all 298 tests pass

[bswinnerton]

This is a little clunky but does the trick. If we wanted to take a dependency on strum, we could clean this up to be something like:

#[derive(strum::AsRefStr)]
enum GuardrailError {
    TtlRequired,           // .as_ref() => "TtlRequired"
    Safelisted { ip: String }, // .as_ref() => "Safelisted"
    QuotaExceeded { .. },  // .as_ref() => "QuotaExceeded"
}

let reason = match &e {
    PrefixdError::GuardrailViolation(g) => g.as_ref(),
    _ => "unknown",
};

[bswinnerton]

I couldn't find an easy way to derive the peer, so I opted to remove this from the instrumentation schema, but happy to put it back and add a placeholder like "global".

I also moved over to a Histogram so we don't have to do something like this:

crate::observability::metrics::ANNOUNCEMENTS_LATENCY
  .with_label_values(&[] as &[&str])

[lance0]

Thanks for catching this @bswinnerton! These metrics were defined but completely dead -- nice work wiring them all up. The label simplification on announcements_total/latency makes sense too since we don't have peer context at the handler level. Merged.