JA4 for TLS and QUIC -- v10

[satta]

Previous PR: #10579

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6379

Changes to previous PR:

• Rebase against current master.
• Reduce code duplication by moving ifdefs.
• Avoid output of empty JSON objects when JA3/4 are disabled.
• Avoid unnecessary allocation when JA4 is disabled.
• Adjust wording in documentation and add some information about compile time activation/deactivation.
• Remove unnecessary SCJA4 wrapper struct.

SV_BRANCH=pr/1682

[codecov]

Codecov Report

Attention: Patch coverage is 83.05085% with 80 lines in your changes are missing coverage. Please review.

Project coverage is 82.63%. Comparing base (7d937db) to head (84ec2de).
Report is 98 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10725      +/-   ##
==========================================
- Coverage   82.69%   82.63%   -0.06%     
==========================================
  Files         926      929       +3     
  Lines      247637   248060     +423     
==========================================
+ Hits       204790   204996     +206     
- Misses      42847    43064     +217     

Flag	Coverage Δ
fuzzcorpus	64.12% <64.15%> (+0.07%)	⬆️
suricata-verify	61.83% <83.18%> (-0.15%)	⬇️
unittests	62.17% <43.85%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[catenacyber]

Thanks for the work Sascha :-)

• CI : 🟢
• Code : TODO
• Commits segmentation : nice
• Commit messages : ok for me
• Git ID set : looks fine for me
• CLA : you already contributed :-)
• Doc update : Ok, maybe there could be only one file/section ja-keywords
• Redmine ticket : ok
• Rustfmt : ok for ja4.rs
• Tests : 🟠 Left remarks there
• Dependencies added: none

[catenacyber]

Wonder if this could be only one function instead of copy pasting 4 lines...

[satta]

TBH I would consider having a generic function in some common file less understandable than this way. By keeping such small static functions in the same file, they are closer to where they are used (in plain developer sight), which I consider much more straightforward than having to dig them up in the IDE. FWIW, if I could even use anonymous functions in C for that, I would ;)

I think code duplication is only bad if it is nontrivial code (with a big impact if it's changed) that is being copied, which is not the case here unless the signature if the Setup function pointer would be to change -- but that would touch a lot of places anyway!

[catenacyber]

This is good enough for me even if there are still some nits/questions

[catenacyber]

This now needs a rebase, you can take this as an opportunity to get some more nits better

[satta]

This now needs a rebase, you can take this as an opportunity to get some more nits better

Will do!

[satta]

maybe there could be only one file/section ja-keywords

Done!

[satta]

Next PR: #10829