Implement Suricata App for ingesting rules from Threat Bus

[0snap]

📔 Description

This PR adds a new Python app that connects to Threat Bus via ZeroMQ and listens for STIX-2 indicators with pattern_type == "suricata". Those indicators are then parsed and rule updates are pushed to a suricata rules file, which the user first must configure in their suricata.yaml config file.

The app support CUD in a very simplistic, file-based form. We use suricatasc to instruct Suricata via its UNIX control socket to re-read the rules from the app-maintained rules file in a configurable interval.

📝 Checklist

• All user-facing changes have changelog entries.
• The changes are reflected on docs.tenzir.com/threatbus, if necessary.
• The PR description contains instructions for the reviewer, if necessary.

🎯 Review Instructions

For interactive testing:

• Read the README to prepare your local Suricata
• Start Suricata
• Start OpenCTI
• Start the Threat Bus OpenCTI connector
• Start Threat Bus
• Start the new app (this PR)
• Create new Suricata-typed indicators in OpenCTI (e.g., pattern = alert http any any -> any any (msg: "Test444"; content:"example.com"; http_host; sid:772;)
• Verify they are flushed to Suricata (e.g., curl example.com -> should generate an alert in your eve.json)

[lava]

The code looks good to me; the only addition I'd like to see is to mention in the README that received updates are not applied instantaneously but buffered up to reload_interval seconds, since that will be probably be a bit unexpected for a new user.