feat: new instance-based attack for data leakage in SVM/kNN models

[shamykyzer]

• New InstanceBasedAttack detects training data leakage in models that store raw instances, support vectors (SVC, NuSVC, OneClassSVM) and stored neighbours (KNeighborsClassifier, KNeighborsRegressor)
• Compares stored instances against training data via np.allclose, reports first ten matches with feature previews, plus storage fraction and match fraction metrics
• Unwraps sklearn.Pipeline so the comparison runs in the final estimator's feature space
• Detects differentially private model variants and surfaces a mitigation note
• Registered in the factory under "instance_based"
• Match Fraction glossary updated to "A non-zero match fraction confirms data leakage" per Jim's review
• Module level constants extracted: INSTANCE_MATCH_ATOL = 1e-8, N_EXAMPLES = 10, N_FEATURE_PREVIEW = 10

Closes [New Feature Request] New Attack: Model contains training data#59
Closes #454

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.66%. Comparing base (7176627) to head (a0c25cd).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #431      +/-   ##
==========================================
+ Coverage   99.65%   99.66%   +0.01%     
==========================================
  Files          27       28       +1     
  Lines        3439     3632     +193     
==========================================
+ Hits         3427     3620     +193     
  Misses         12       12              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jim-smith]

@shamykyzer Just a couple of minor changes to make please.
If you want to raise the 'move dealing with pipelines into utils.py' as a separate issue, and leave that code in here for now that is fine.

[shamykyzer]

Hi @jim-smith, could you please review this PR so far?

thanks a lot.

[jim-smith]

Still needs changes. I think the way it is implemented is possibly more efficient and the overall message "does this mode lcintain training instances' is answered correctly.

However, the way that the record level results are presented (is this stored instance present in the training set) is inconsistent with the way it is presented for other attacks (which would be 'is this training record stored in the model'. Quick change to create a new field,
individual_risk:np.array = np.zeros(X_train.shape[0],dtype=int) and then a for loop setting to 1 (True) the index of training record you have stored in individual level results