
Implement FQDN Beaconing using TLS SNI and HTTP Host #739

Merged (25 commits) on Aug 1, 2022

Conversation

@Zalgo2462 (Contributor) commented Jul 1, 2022

This PR implements an FQDN beaconing analysis based on TLS SNI and HTTP Host headers.
The following collections are added:

  • SNIconn: equivalent of the uconn collection for src -> fqdn pairs
    • contains dat array subdocuments dat.tls and dat.http
    • dat.tls entries record TLS connection data for the current chunk
    • dat.http entries record HTTP connection data for the current chunk
  • beaconSNI: equivalent of the beacon collection for src -> fqdn pairs
    • For each document in SNIconn, the connection data for TLS and HTTP is merged to create a connection dataset for FQDN beaconing analysis
    • Same schema as beacon collection except for the destination is an fqdn entry instead of a destination unique IP

Additions:

  • TLS SNI and HTTP connection parsing logic
    • Three new maps in the ParseResults: TLSConnMap, HTTPConnMap, and ZeekUIDMap.
    • ZeekUIDMap is used to link in information from the conn.log file into the TLSConnMap and HTTPConnMap entries
      • If UIDs are not present for some reason (alternative data sources), the program should not crash
  • The sniconn package creates uconn-like entries for every source -> fqdn pair in the TLSConnMap and HTTPConnMap
  • The beaconSNI package creates beacon-like entries for every source -> fqdn pair in the TLSConnMap and HTTPConnMap that passes the connection threshold
  • The beaconSNI package creates dat.mbsni and dat.max_beacon_sni entries in the host collection with a separate summary step
  • The show-beacons-sni command writes the results of the beaconSNI analysis out to the terminal
  • The rita-html-report now writes out a separate tab for Beacon SNI analysis
  • The configuration file now has a new section for controlling the SNI beaconing analysis

Removals:
  • I have left the old FQDN analysis code in the project during testing of the PR for comparison's sake
  • I will remove it after we approve the new code

Bug fixes:

  • The proxy beacons package was consulting the wrong beacon connection threshold in the config. This has been fixed.

Oddities:

  • The strobe implementation is a little different than for uconns. Instead of a single top level strobe field, strobe markers are stored in dat.http.strobe, dat.tls.strobe, and dat.beacon.strobe.

Todo:

  • sniconn Readme
  • beaconsni Readme
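The pipeline the description above sketches (ssl.log and http.log rows grouped into src -> fqdn pairs, conn.log data linked in by UID without failing when a UID is absent, and the TLS and HTTP series merged for interval analysis) is shown end to end below as an added example. This is not code from RITA or from this PR: the types and functions (zeekRow, buildSNIConns, mergedIntervals, normalizeFQDN) are assumed names, the sample rows are constructed for the example, and the FQDN normalization (case folding, trailing dot, Host-header port) is an added caveat rather than something the PR states.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// zeekRow holds the conn.log, ssl.log and http.log fields used here; the tags
// name the Zeek JSON field each value would be read from.
type zeekRow struct {
	TS        float64 `json:"ts"`
	UID       string  `json:"uid"`
	Src       string  `json:"id.orig_h"`
	SNI       string  `json:"server_name"`   // ssl.log
	Host      string  `json:"host"`          // http.log
	OrigBytes int64   `json:"orig_ip_bytes"` // conn.log
}

// Constructed sample rows (made up for this example, not a real capture): one
// internal host reaches the same FQDN three times over TLS and once over HTTP.
// UID C9 has no conn.log row, so the UID link has to tolerate a miss.
var (
	connRows = []zeekRow{
		{TS: 100, UID: "C1", Src: "10.0.0.5", OrigBytes: 420},
		{TS: 160, UID: "C2", Src: "10.0.0.5", OrigBytes: 410},
		{TS: 220, UID: "C3", Src: "10.0.0.5", OrigBytes: 430},
	}
	sslRows = []zeekRow{
		{TS: 100, UID: "C1", Src: "10.0.0.5", SNI: "Beacon.Example.net."},
		{TS: 220, UID: "C3", Src: "10.0.0.5", SNI: "beacon.example.net"},
		{TS: 280, UID: "C9", Src: "10.0.0.5", SNI: "beacon.example.net"},
	}
	httpRows = []zeekRow{
		{TS: 160, UID: "C2", Src: "10.0.0.5", Host: "beacon.example.net:8080"},
	}
)

type pairKey struct{ Src, FQDN string }

// protoStats is one per-protocol sub-record (dat.tls or dat.http) of a pair.
type protoStats struct {
	Timestamps []float64
	OrigBytes  []int64 // 0 where the UID had no conn.log row
}

type fqdnConn struct{ TLS, HTTP protoStats }

// normalizeFQDN folds case, drops a trailing dot and strips a Host-header port
// so "Beacon.Example.net." and "beacon.example.net:8080" share one key.
func normalizeFQDN(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	if h, _, err := net.SplitHostPort(name); err == nil {
		name = h
	}
	return strings.TrimSuffix(name, ".")
}

// buildSNIConns is the sniconn step: ssl.log and http.log rows are grouped into
// src->fqdn pairs and conn.log byte counts are linked in by UID (the ZeekUIDMap
// idea). A UID with no conn.log row contributes the zero value, not a crash.
func buildSNIConns(conn, ssl, http []zeekRow) map[pairKey]*fqdnConn {
	uids := make(map[string]zeekRow, len(conn))
	for _, r := range conn {
		uids[r.UID] = r
	}
	out := map[pairKey]*fqdnConn{}
	ingest := func(rows []zeekRow, name func(zeekRow) string, pick func(*fqdnConn) *protoStats) {
		for _, r := range rows {
			if name(r) == "" {
				continue // no SNI or Host header: nothing to key on
			}
			k := pairKey{r.Src, normalizeFQDN(name(r))}
			if out[k] == nil {
				out[k] = &fqdnConn{}
			}
			p := pick(out[k])
			p.Timestamps = append(p.Timestamps, r.TS)
			p.OrigBytes = append(p.OrigBytes, uids[r.UID].OrigBytes) // missing UID: 0
		}
	}
	ingest(ssl, func(r zeekRow) string { return r.SNI }, func(c *fqdnConn) *protoStats { return &c.TLS })
	ingest(http, func(r zeekRow) string { return r.Host }, func(c *fqdnConn) *protoStats { return &c.HTTP })
	return out
}

// mergedIntervals is the beaconSNI merge step: TLS and HTTP timestamps become
// one sorted series, and the gaps between consecutive connections are returned
// with their median; a near-constant gap is the beaconing signal.
func mergedIntervals(c *fqdnConn) (intervals []float64, median float64) {
	ts := append(append([]float64{}, c.TLS.Timestamps...), c.HTTP.Timestamps...)
	sort.Float64s(ts)
	for i := 1; i < len(ts); i++ {
		intervals = append(intervals, ts[i]-ts[i-1])
	}
	if len(intervals) == 0 {
		return nil, 0
	}
	s := append([]float64(nil), intervals...)
	sort.Float64s(s)
	return intervals, s[len(s)/2]
}

func main() {
	for k, c := range buildSNIConns(connRows, sslRows, httpRows) {
		iv, med := mergedIntervals(c)
		fmt.Printf("%s -> %s tls=%d http=%d tlsBytes=%v intervals=%v median=%.0fs\n",
			k.Src, k.FQDN, len(c.TLS.Timestamps), len(c.HTTP.Timestamps), c.TLS.OrigBytes, iv, med)
	}
}
```

With the constructed rows, the three TLS hits and the one HTTP hit collapse into a single src -> fqdn pair even though the names differ in case, trailing dot and port, and the unlinked UID C9 simply contributes a zero byte count. The merged series has a constant 60 s gap, which is the kind of regularity a beaconing score would flag; on real Zeek output the rows would come from JSON decoding of the respective logs rather than from literals.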

@caffeinatedpixel caffeinatedpixel self-requested a review July 28, 2022 19:28
@caffeinatedpixel (Contributor):

Is the entire beacon fqdn package being removed or only a portion of it?

@Zalgo2462 (Contributor, Author):

We're going to keep the old fqdn beaconing in for this release.

@caffeinatedpixel (Contributor) left a review:

Went through the code and noticed some oddities. Still working on testing.

Resolved review threads (comments not shown) on:
  • pkg/beaconsni/Readme.md (outdated)
  • pkg/sniconn/Readme.md (outdated)
  • pkg/beaconsni/analyzer.go (outdated)
  • pkg/beaconsni/dissector.go
Review thread on the index definitions for the src -> fqdn collection (the enclosing slice and index type are not shown on the page):

```go
{Key: []string{"src", "fqdn", "src_network_uuid"}, Unique: true},
{Key: []string{"src", "src_network_uuid"}},
{Key: []string{"fqdn"}},
{Key: []string{"responding_ips.ip", "responding_ips.network_uuid"}},
```
Contributor:

We do not create indexes for resolved_ips in beaconFQDN. Do you remember any contradiction for adding them in beaconFQDN or was this just an oversight? I have a faint memory of the index causing a slowdown instead of a speed increase, but I seriously could have been dreaming.

Contributor Author:

I'll go take a brief skim through our past tickets, but this doesn't ring a bell for me. I don't think I was heavily involved with the development of beaconFQDN, so I might not be the best person to ask though.

Contributor:

I couldn't find anything related to it while sifting through old issues & PRs, so I'll just blame it on the Mandela effect.

Further resolved review threads (comments not shown) on:
  • pkg/beaconsni/results.go (outdated)
  • pkg/sniconn/mongodb.go (outdated)
@caffeinatedpixel (Contributor) left a review:

Requested changes were made. Stated functionality works as expected. SNI beaconing command line commands & html report functionality work as well.

2 participants