What this PR does

Adds a passive SNMP provider. The user's existing snmptrapd daemon receives the trap; a tiny exec hook forwards it as JSON to Keep's webhook endpoint. The provider parses the payload into an AlertDto. Same webhook-receiver shape as the Prometheus / Grafana providers.

Why webhook-based and not a native UDP listener inside Keep? Port 162 is privileged, and a per-tenant/per-replica UDP listener inside the API server doesn't fit Keep's deployment model (horizontally scaled, no shared port claim). Delegating raw SNMP handling to snmptrapd keeps the provider small, stateless, deploy-shape-agnostic, and consistent with how every other monitoring-tool integration in the repo works.

Features

• Built-in severity map for standard RFC 1907 / RFC 3418 trap OIDs (coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss)
• User-configurable default_severity for unknown trap OIDs
• Explicit severity field in the payload always wins
• Varbinds exposed as labels["var:<oid>"] so they're queryable without clobbering top-level keys
• Fingerprint = sha256(trap_oid|source_address) → same trap from same host dedupes correctly
• simulate_alert with 4 representative trap fixtures for UI testing

Demo Video

The video shows: connect the provider from the UI → POST a linkDown trap to the webhook URL → POST an authenticationFailure trap → both alerts land in the feed with correct severity (high, warning), source: snmp, and varbinds visible on the labels.

Testing that i have done

• poetry run pytest tests/test_snmp_provider.py -v → 10 passed
• poetry run pre-commit run --files <new files> → all green (black, isort, ruff, end-of-files, trailing whitespace)
• Manual end-to-end: webhook round-trip verified; alerts appear in the feed within ~1s

Checklist

• Follows CONTRIBUTING.md (PEP8, black, isort)
• Tests added and passing
• Documentation added
• Provider icon added
• No changes to unrelated files
• simulate_alert works from the UI

Closes #2112

/claim #2112