feat(ttp/ipv6_leak): wire Ipv6LeakLifter into composite tagger and worker

- Add "ipv6_leak" to KNOWN_SOURCE_KINDS in ttp/base.py
- Register Ipv6LeakLifter(store) in factory.py get_tagger()
- Subscribe worker to attacker.fingerprinted; route by Event.type
  so JARM/HASSH/ipv6_leak share the topic without source_kind collision
- Add bump_attacker_ipv6_leak() to BaseRepository (abstract) +
  TTPMixin (implementation): increments ipv6_leak_count, sets last_ipv6_*
  denorm fields, appends-with-dedup to AttackerIdentity.ipv6_link_local_iids
- Call bump_attacker_ipv6_leak from _process_event after insert_tags
- Add DummyRepo stub + coverage call in tests/db/test_base_repo.py

decnet/web/db/repository.py

@@ -1549,6 +1549,23 @@ class BaseRepository(ABC):
         """Fleet-wide distinct-technique rollup."""
         raise NotImplementedError
 
+    @abstractmethod
+    async def bump_attacker_ipv6_leak(
+        self,
+        attacker_uuid: str,
+        identity_uuid: Optional[str],
+        evidence: dict[str, Any],
+    ) -> None:
+        """Increment ``Attacker.ipv6_leak_count``, set ``last_ipv6_*`` denorm
+        fields, and append-with-dedup to ``AttackerIdentity.ipv6_link_local_iids``.
+
+        *evidence* is an ``Ipv6LinkLocalLeakEvidence``-shaped dict carrying
+        ``addr``, ``iid_kind``, ``mac_oui``, and ``observed_at``.  Missing
+        keys default to empty string.  The method is idempotent for the
+        count but deduplicates IID entries by ``addr``.
+        """
+        raise NotImplementedError
+
     @abstractmethod
     async def list_ttp_tags_by_attacker(
         self, uuid: str, limit: int = 2000,