
detect: option to run flowbits on stream

Open regit opened this issue 1 year ago • 2 comments

When a flowbit is set by application-layer tests, the consequence is that there is no point in checking it per packet. This patch adds the data option to the flowbits keyword so the evaluation is done at the stream level and not at the packet level.

As a result, using the data option prevents the bug https://redmine.openinfosecfoundation.org/issues/2836 from appearing.

Ticket: #2836

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [x] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
  • [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
  • [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/2836

Describe changes:

  • Add data option to flowbits

suricata-verify-pr: 924

regit avatar Sep 01 '22 21:09 regit

Information: QA ran without warnings.

Pipeline 8977

suricata-qa avatar Sep 02 '22 03:09 suricata-qa

I wonder if a better solution would be to add more classes of "bits": txbits, statebits, framebits, etc., where the execution and lifetime would align better with the type of data that is inspected.

victorjulien avatar Sep 13 '22 12:09 victorjulien