Replace per-source enable booleans with SourcePrecheck and bump SDK to v1.9.0

Sources that always work (botvrij, disconnect, oisd, openphish, phishtank, quad9) drop their user-facing enable_* option; the rule's enabled/disabled state is now solely controlled by the SDK rule toggle. Sources that require credentials (criminalip, malwarebazaar, otx, pulsedive, safebrowsing, threatfox, urlhaus, virustotal) instead implement the new SourcePrecheck interface so the host UI can surface "not configured" before attempting a query.

checker/quad9.go

@@ -36,21 +36,11 @@ func (*quad9Source) ID() string   { return "quad9" }
 func (*quad9Source) Name() string { return "Quad9 secure DNS" }
 
 func (*quad9Source) Options() SourceOptions {
-	return SourceOptions{
-		User: []sdk.CheckerOptionField{
-			{
-				Id:          "enable_quad9",
-				Type:        "bool",
-				Label:       "Use Quad9 secure DNS check",
-				Description: "Compare Quad9's secure resolver (9.9.9.9) against its unsecured peer (9.9.9.10). A domain that resolves on the unsecured but returns NXDOMAIN on the secure resolver is blocked by Quad9's threat intelligence.",
-				Default:     true,
-			},
-		},
-	}
+	return SourceOptions{}
 }
 
 func (s *quad9Source) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
-	if !sdk.GetBoolOption(opts, "enable_quad9", true) || registered == "" {
+	if registered == "" {
 		return disabledResult(s.ID(), s.Name())
 	}