
Add PCAP_OVER_IP support #8

Merged
merged 2 commits into from
Oct 21, 2024

Conversation

yunzheng (Contributor)

  • Added "Option C" example and pcap-broker stub to docker-compose.yml
  • Handle $PCAP_OVER_IP environment variable in suricata/entrypoint.sh

Closes #7

@yunzheng (Contributor, Author)

Some explanation of the changes made in this PR:

Changes to suricata/entrypoint.sh

  • set -o pipefail ensures that if nc disconnects, suricata also exits immediately
  • changed to eval the suricata command so we don't have to duplicate command-line arguments
  • the PCAP_OVER_IP variable uses tr to convert ':' to ' ' so we can just define one argument for both hostname and port
  • nc uses the -d argument, so netcat doesn't try to read from stdin (it has none).

Changes to docker-compose.yml:

  • added restart: always to all docker services to ensure they retry reconnecting/restarting
  • added pcap-broker stub which builds the container using an inline Dockerfile
  • the container_name is set to pcap-broker, which is then used in the "Option C" example in the PCAP_OVER_IP environment variable for connecting to it.
  • the PCAP_COMMAND example uses multiline docker arguments so you can easily change the BPF or commands. The example is based on a faustctf setup.

I'm also happy to update the documentation if needed or feel free to make changes in my PR branch.
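As an added illustration (not the project's entrypoint.sh, and not code from the PR author), the following shell sketch shows the two mechanisms described in the comment above: splitting a single PCAP_OVER_IP=host:port variable with tr, and relying on pipefail so that a reader that dies takes the whole pipeline down. The hostname pcap-broker comes from the PR; the port 4242 and the function names are made up for the example.

```shell
#!/bin/sh
# Added example; the real entrypoint.sh in the project may differ.

# Turn "host:port" into "host port" with tr, so one variable feeds both
# positional arguments of nc.
pcap_over_ip_target() {
    printf '%s' "$1" | tr ':' ' '
}

# Build the reader command. -d keeps netcat from reading its (absent) stdin.
pcap_over_ip_reader() {
    echo "nc -d $(pcap_over_ip_target "$1")"
}

# Run reader | consumer under pipefail and return the pipeline's status.
# If the reader dies (nc losing its TCP session), the pipeline fails even
# though the consumer exits cleanly, so a supervisor such as docker's
# restart: always can restart the job.
run_pcap_pipeline() {
    bash -c 'set -o pipefail; eval "$1" | eval "$2"' _ "$1" "$2"
}

# The same pipeline without pipefail: only the consumer's status is
# reported, so a dead reader goes unnoticed. Shown for contrast.
run_pcap_pipeline_naive() {
    bash -c 'eval "$1" | eval "$2"' _ "$1" "$2"
}

# Constructed sample value; 4242 is an illustrative port, not from the PR.
pcap_over_ip_reader "pcap-broker:4242"   # prints: nc -d pcap-broker 4242
```

In the real container the consumer would be the suricata command reading the stream from stdin; here the assertions use stand-ins so the behaviour can be checked offline.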

@aiooss-anssi (Contributor) left a comment

Looks good! Please fix the minor changes I requested and I will merge.

I plan to add some documentation later to also show how to pipe a remote interface to a pcap-over-ip endpoint with netcat, as an alternative to pcap-broker (I like the idea of giving the user multiple choices).

Review threads: docker-compose.yml (outdated, resolved); docker-compose.yml (outdated, resolved); suricata/entrypoint.sh (resolved)
@yunzheng yunzheng requested a review from aiooss-anssi October 21, 2024 13:17
@aiooss-anssi (Contributor) left a comment

LGTM, thanks a lot!

@aiooss-anssi aiooss-anssi merged commit 7d41923 into ANSSI-FR:dev Oct 21, 2024
3 checks passed