
Draft: enable output-specific metadata logging configuration in alerts

Open satta opened this issue 1 month ago • 2 comments

  • [X] I have read the contributing guidelines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
  • [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)

This draft outlines a potential approach to making app-layer logging options (like mqtt.msg-log-limit (#11054)) available to metadata logging in alerts. The problem there so far was that there is no way of passing these settings to the metadata logging code, since an EveJsonSimpleTxLogFunc only gets the transaction and the JsonBuilder as parameters. Using a global static data structure is only half a solution since it is well possible to have multiple EVE outputs that can have different settings for the same event type, and we would obviously like the alerts in EVE output A to use the same options as all the app-layer logging in output A, and the same behaviour for different settings in EVE output B and C. With such a global variable we can't reflect that.

Describe changes:

  • Introduce interface change for EveJsonSimpleTxLogFunc passing a metadata-specific context into the log function. This is done in the C function declaration and also in all current implementations, Rust and C.
  • Add a new pointer array (one pointer per alproto) to the output-specific OutputJsonCtx to store metadata-specific context pointers.
  • Use this construct to assign a struct with settings after parsing to that pointer array, and read and use it in EveJsonSimpleTxLogFunc if it is set. Memory-wise, the context struct is already handled (allocated and freed) using the regular InitSub/DeinitCtxSub and all access is expected to only occur during the lifetime defined through this mechanism.
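The three changes above, sketched as an added C illustration that is not Suricata's code: the type names (OutputJsonCtx, EveJsonSimpleTxLogFunc, MqttTx, JsonBuilder) are simplified stand-ins, the ALPROTO values and the "0 = unlimited" convention are assumptions, and the point shown is that two EVE outputs logging the same MQTT transaction from an alert each apply their own msg-log-limit because the settings travel with the output rather than through a global.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for Suricata's app-layer protocol ids. */
enum { ALPROTO_MQTT = 1, ALPROTO_MAX = 8 };
/* Per-output, per-protocol settings, e.g. a parsed mqtt.msg-log-limit (0 = unlimited, assumed). */
typedef struct { size_t msg_log_limit; } MqttLogCtx;
/* Stand-ins for OutputJsonCtx (with the proposed per-alproto pointer array), a tx, and JsonBuilder. */
typedef struct { void *alproto_ctx[ALPROTO_MAX]; } OutputJsonCtx;
typedef struct { const char *payload; } MqttTx;
typedef struct { char buf[128]; } JsonBuilder;
/* Proposed signature: the tx logger also receives the output's metadata context. */
typedef int (*EveJsonSimpleTxLogFunc)(void *tx, void *ctx, JsonBuilder *jb);

static int MqttLogTx(void *txv, void *ctxv, JsonBuilder *jb) {
    const MqttTx *tx = txv;
    const MqttLogCtx *ctx = ctxv;               /* NULL when this output set nothing */
    size_t len = strlen(tx->payload);
    if (ctx != NULL && ctx->msg_log_limit > 0 && len > ctx->msg_log_limit)
        len = ctx->msg_log_limit;               /* apply this output's own limit */
    snprintf(jb->buf, sizeof(jb->buf), "{\"mqtt\":{\"msg\":\"%.*s\"}}", (int)len, tx->payload);
    return 0;
}
/* What an output's InitSub would do after parsing its own config section. */
static void OutputInitSub(OutputJsonCtx *out, size_t mqtt_limit) {
    memset(out, 0, sizeof(*out));
    MqttLogCtx *c = calloc(1, sizeof(*c));
    c->msg_log_limit = mqtt_limit;
    out->alproto_ctx[ALPROTO_MQTT] = c;         /* owned by this output, freed in DeinitSub */
}
static void OutputDeinitSub(OutputJsonCtx *out) {
    free(out->alproto_ctx[ALPROTO_MQTT]); out->alproto_ctx[ALPROTO_MQTT] = NULL;
}
/* Alert metadata path: hand the logger the context stored in *this* output for the tx's alproto. */
static int AlertLogAppLayer(OutputJsonCtx *out, int alproto, EveJsonSimpleTxLogFunc fn,
                            void *tx, JsonBuilder *jb) {
    return fn(tx, out->alproto_ctx[alproto], jb);
}
/* Two EVE outputs with different limits log the same tx; returns 1 if each honoured its own. */
static int DemoPerOutputSettings(void) {
    OutputJsonCtx a, b;
    JsonBuilder ja, jb;
    MqttTx tx = { "hello world" };              /* constructed sample transaction */
    OutputInitSub(&a, 5); OutputInitSub(&b, 0);
    AlertLogAppLayer(&a, ALPROTO_MQTT, MqttLogTx, &tx, &ja);
    AlertLogAppLayer(&b, ALPROTO_MQTT, MqttLogTx, &tx, &jb);
    int ok = strcmp(ja.buf, "{\"mqtt\":{\"msg\":\"hello\"}}") == 0 &&
             strcmp(jb.buf, "{\"mqtt\":{\"msg\":\"hello world\"}}") == 0;
    OutputDeinitSub(&a); OutputDeinitSub(&b);
    return ok;
}
```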

satta, May 27 '24 21:05