
enhance: change -3 to -4 to handle outliers in timebased bf#1649

Merged
LaurenceJJones merged 1 commit into crowdsecurity:master from LaurenceJJones:feature/ssh-time-based-bf-outliers
Jan 21, 2026

Conversation

@LaurenceJJones
Contributor

Description

Problem

With [-3:] (3 events = 2 intervals), the median calculation is vulnerable to outliers:

Events: 09:17:15, 09:17:17, 09:17:18, 10:17:14
Last 3: 09:17:17, 09:17:18, 10:17:14
Intervals: [1s, 60min]
Median of 2 = average = (1s + 60min) / 2 ≈ 30min → TRIGGERS (false positive)

With only 2 intervals, there's no true "middle" value—the median becomes the average of both, so a single outlier heavily skews the result.

Solution

With [-4:] (4 events = 3 intervals), we get a true median:

Events: 13:00:00, 13:00:02, 13:00:04, 14:00:04
Intervals: [2s, 2s, 60min]
Sorted: [2s, 2s, 60min]
Median of 3 = middle value = 2s → NO trigger ✓

A single outlier can never exceed 1/3 of the intervals, so the median reliably reflects the typical pattern rather than being skewed by one anomalous gap.

Summary

┌────────┬───────────┬───────────────────┬───────────────────┐
│ Config │ Intervals │ Outlier influence │    Median type    │
├────────┼───────────┼───────────────────┼───────────────────┤
│ [-3:]  │ 2         │ 50% (1 of 2)      │ Average of both   │
├────────┼───────────┼───────────────────┼───────────────────┤
│ [-4:]  │ 3         │ 33% (1 of 3)      │ True middle value │
└────────┴───────────┴───────────────────┴───────────────────┘

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR

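The median-of-intervals calculation the description walks through, as an added example that is not the hub scenario's own expr code: it takes the two event sets from the PR text, computes the intervals of the last N events for N=3 and N=4, and compares the median against an assumed trigger threshold (a placeholder, since the scenario's real threshold is not on this page). It also applies the [-4:] window to the first ("problem") event set, which the PR does not show, to confirm the outlier is absorbed there too.

```python
from datetime import datetime
from statistics import median

# Constructed timestamps copied from the PR description (same day assumed).
def parse_events(clock_strings, day="2026-01-21"):
    return [datetime.fromisoformat(f"{day} {s}") for s in clock_strings]

def median_interval_seconds(events, window):
    """Median gap (seconds) between the last `window` events, i.e. window-1 intervals.

    With window=3 there are 2 intervals and statistics.median returns their
    average; with window=4 there are 3 intervals and a true middle value.
    """
    last = sorted(events)[-window:]
    if len(last) < 2:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(last, last[1:])]
    return median(gaps)

# Assumed threshold for illustration only; any value between the page's 2s and
# ~30min outcomes gives the same verdicts. The real scenario's value is not on this page.
SLOW_BF_THRESHOLD_S = 60.0

def would_trigger(events, window, threshold=SLOW_BF_THRESHOLD_S):
    """True when the median interval is at least the (assumed) slow-bf threshold."""
    m = median_interval_seconds(events, window)
    return m is not None and m >= threshold

# "Problem" set from the PR: three fast attempts, then one gap of ~60 minutes.
PROBLEM_EVENTS = parse_events(["09:17:15", "09:17:17", "09:17:18", "10:17:14"])
# "Solution" set from the PR: same shape, shown with the [-4:] window.
SOLUTION_EVENTS = parse_events(["13:00:00", "13:00:02", "13:00:04", "14:00:04"])

if __name__ == "__main__":
    for name, ev in (("problem", PROBLEM_EVENTS), ("solution", SOLUTION_EVENTS)):
        for w in (3, 4):
            m = median_interval_seconds(ev, w)
            print(f"{name} window={w}: median={m:.1f}s trigger={would_trigger(ev, w)}")
```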
@LaurenceJJones LaurenceJJones merged commit 1d00670 into crowdsecurity:master Jan 21, 2026
3 checks passed
@LaurenceJJones LaurenceJJones deleted the feature/ssh-time-based-bf-outliers branch January 21, 2026 14:59